Cloud security’s seven deadly sins

IT World Canada Staff @itworldca
Published: August 9th, 2013

Data Loss/Leakage

There isn’t currently an acceptable level of security controls surrounding data in the cloud. Some applications could be leaking data as a result of weak API access control and weak key generation, storage and management. Data destruction policies may also be absent.

Shared Technology Vulnerabilities

In the cloud, a single misconfiguration can be duplicated across an environment where many virtual servers share the same configuration. Enforce service level agreements (SLAs) for patch management and best practices for network and server configuration.

Malicious Insiders

The level of background checks that cloud providers perform on staff may differ from how enterprises would prefer to control data centre access. Many providers may do a good job, but it’s largely uneven. Perform a supplier assessment and outline a level of employee screening.

Account, Service & Traffic Hijacking

A lot of data, applications and resources are concentrated in the cloud where, with weak authentication, an intruder can access a single user account and ultimately get at that customer’s virtual machines. Proactive monitoring of threats and two-factor authentication are advised.

Insecure Application Programming Interfaces

It’s important to perceive the cloud as a new platform and not merely as outsourcing when it comes to developing applications. There ought to be a vetting process surrounding application lifecycles, where the developer understands and applies certain guidelines regarding authentication, access controls and encryption.

Abuse and Nefarious Use of Cloud Computing

The bad guys are probably more progressive than the good guys in how they use technology. Hackers are seen very quickly applying new threats combined with the ability to easily scale up and down in the cloud. All it takes is a single credit card to open up the floodgates.

Unknown Risk Profile

Transparency issues continue to persist concerning cloud providers. Account users only interact with the front-end interface and really don’t know what goes on in the backend. Who knows which platforms or patch levels the provider is employing?