#cloud computing threats

In light of this, let us check out what are the four major security challenges for cloud computing:

1.       Security in the SPI model

The cloud model provides three types of services:

Software as a Service (SaaS)

 Here the customer can use the provider’s applications running on a cloud infrastructure. Here the security is mainly under the control of cloud provider and very less the customer can do about security.

Platform as a Service (PaaS)

In PaaS, the consumer can deploy his own application on a cloud infrastructure without installing any platform on his local machines. In PaaS, the customers get better hold on security.

Infrastructure as a Service (IaaS)

Here the consumer receives higher authority in processing the fundamental computing resources and can also deploy and run arbitrary software, including operating systems (OSes) and applications. As customers have better control so, here customers participate on security aspect at a larger level.

Each provider is responsible for securing his own services. Furthermore, each cloud service model has its own inherent security flaws and at the same time they are connected to each other. For instance PaaS and SaaS are hosted on the top of IaaS, hence any breach on IaaS can hamper the security of PaaS and SaaS as well. Overall, it can be said that there is deep dependencies within these three service models, and hence if any attack to security occurs then it becomes very confusing to tell with conviction that which service provider is responsible.

2.       Application Security

In Cloud computing, applications are delivered through a web browser via the Internet. In that case if there are flaws in web applications then it might very easily create vulnerabilities for the SaaS applications as well. Thus, attackers are extensively using the web to perform malicious activities in order to compromise the user’s computers. SaaS applications are surrounded by similar types of challenges and risks as that of any web application technology. But the traditional security solutions that can protect a web application do not put effective protection coverage to SaaS applications. Thus, new security arrangements are necessary. Out of ten critical SaaS security threats, the Open Web Application Security Project (OWASP) has been identified as one of the most dangerous application security threats.

3.       Data Security

For any new technology related to computing, data security is always one of the main concerns. With Cloud computing the challenge grows much bigger with SaaS users, as here the customers require entrusting the provider for proper security arrangement. In SaaS, the data is processed in plaintext and then stored in the cloud. It’s the SaaS provider, who can be solely involved in arranging the security of the data while it is being processed and stored. So as the customers need to entrust a third party, there is huge risk involved.

The security of the data backup is also a critical aspect and at the same time very much important in order to facilitate data recovery after disaster. In most of the cases, the cloud providers further subcontract other third parties for backup services, which further raise the concerns.

4.       Accessibility

The access to the applications in cloud computing is facilitated through the internet via web browser. This is again a big security concern as because of some breach the cloud might become accessible from any network device. These devices can be either mobile devices or public computers. Thus, accessibility from the browser exposes the cloud service to additional security risks. As per the reports of the Cloud Security Alliance the top threats in current state of cloud computing is information stealing mobile malware, vulnerabilities in the device OS & official applications, insecure networks (Wi-Fi), proximity-based hacking, and insecure marketplaces.

Conclusion