While cloud computing has become a hot technology trend, more of its security black holes are being exposed. Russ McRee, a network security expert, has demonstrated how a security flaw at a cloud computing service provider exposes many of its customers to risk. The exposed vendor, Jack, a software-as-a-service (SaaS) provider, supplies search and other Web services for technology, e-commerce and other types of Web sites. McRee found an XSS (cross-site scripting) flaw in Jack's social search function, which can be exploited to attack customers who rely heavily on the feature.

According to McRee, the vulnerability could be easily exploited by attackers. A video he released (http://www.holisticinfosec.org/video/baynote/baynote.html) shows that LSI Corporation, a host bus adapter manufacturer based in Milpitas, California, and data management vendor NetApp are two Jack customers affected by the vulnerability. McRee stressed that Jack responded quickly and fixed the problem.

But his findings point to the potential Achilles heel of cloud computing: a single point of failure at a vendor can affect the security of many of its customers. "Even if the SaaS vendor has only one flaw, it could be a Web application flaw, negligence in network security, or a failure of physical security, and its customers will all be exposed to security risks," he said. "The strength of an enterprise's security depends on its weakest link, and if you let others manage it, you must take security into account before you marry your business."

Prior to this, security experts had repeatedly warned companies not to put all their eggs in one basket. In January this year, Salesforce.com's downtime made it impossible for its more than 900,000 customers to access their critical data and proved the security risks of relying on a single provider.

Of course, this type of security problem is not unique to cloud computing, but businesses cannot treat SaaS as a panacea and must pay due attention to the security of their providers. As McRee mentioned, software-as-a-service vendors should at least provide a higher level of security protection than traditional vendors.