2013 is known as the cloud computing industry development "Year One", starting from the beginning of the cloud computing in the technical improvement and application will be more widely used.
According to IDC forecast, by 2015, cloud computing output will exceed 30 billion dollars. At the same time, experts predict that three years, the cloud computing market size of the annual composite growth rate will reach 91.5%. 2010, China's cloud computing market size of 16.731 billion yuan, 2013 will reach 117.412 billion yuan.
At present, even though many experts think this year for the industry, but for users, for its security has remained suspicious, directly led to the development of a troubled. At present, the development of cloud industry is facing nine industry threats:
Threat 1:
Data leaks the biggest nightmare for every CIO is that the company's sensitive internal data has fallen into the hands of rivals, making executives sleepless. Cloud computing adds new challenges to the problem. A report published by researchers at North Carolina State University and RSA in November 2012 showed how a virtual machine uses side-channel timing information to extract the private keys of another virtual machine on the same physical computer. In many cases, however, attackers do not even need such complex operations. If a multi-tenant cloud services database is not designed properly, it may lead to a vulnerability that could result in all customer data being compromised.
Extension
Unfortunately, while data loss and data disclosure are serious threats to cloud computing, the measures you take may alleviate one aspect but may make the other more troublesome, perhaps you can encrypt all the data, but if you lose the key, you lose all the data. Conversely, if you want to take all the data offline backup to reduce the impact of catastrophic data loss, but also increase the risk of your data exposure.
Threat 2:
Data loss is a serious problem for both consumers and businesses. Data stored in the cloud can be lost for other reasons. A single deletion by a cloud service provider, or physical damage due to natural factors such as fire, can result in loss of user data unless the vendor makes a very good backup effort. But the responsibility for data loss is not always on the supplier side, for example, if the user is improperly encrypted before uploading the data and then loses the key himself, it can also cause data loss.
Extension
Many of the commitment policies require an organization to keep an audit record of data security or other forms of document archiving. If the organization's data is lost in the cloud, it can cause the organization's commitment to get bogged down.
Threat 3:
Account or service flow hijacking hackers use phishing, fraud or software vulnerabilities to hijack innocent users. Usually hackers can steal data from multiple services based on a password, because the user does not set a different password for each service. For the supplier, if the stolen password can be landed in the cloud, then the user's data will be eavesdropping, tampering, hackers will return false information to the user, or redirect the user's services to the fraudulent Web site. Not only to the user's own loss, but also to the reputation of the supplier impact.
Extension
Account and service hijacking and usually accompanying certificate thefts remain at the forefront of the threat. After a certificate is stolen, attackers can often access key areas of the cloud service, damaging their confidentiality, integrity, and availability. Enterprise organizations should make the necessary precautions against this technology, and take some deep-seated defensive measures to protect the data from the crisis of leakage. At the same time, users and services should be prohibited to share the account certificate, if necessary, should also take a double authentication mechanism.
Threat 4:
Account or service traffic hijacking the biggest nightmare for every CIO is that the company's sensitive internal data has fallen into the hands of rivals, making executives sleepless. Cloud computing adds new challenges to the problem. A report published by researchers at North Carolina State University and RSA in November 2012 showed how a virtual machine uses side-channel timing information to extract the private keys of another virtual machine on the same physical computer. In many cases, however, attackers do not even need such complex operations. If a multi-tenant cloud services database is not designed properly, it may lead to a vulnerability that could result in all customer data being compromised.
Extension
Most vendors are trying to strengthen the security of their services, and for consumers they may not be able to understand the security issues they might have in the process of using, managing, and monitoring cloud services. Weak interfaces and API settings can cause enterprise organizations to fall into a number of security issues, affecting confidentiality, availability, and so on.
Threat 5:
Denial of service attack in simple terms, a denial-of-service attack is a means by which an attacker prevents normal users from accessing the cloud services normally. It is common to force some critical cloud services to consume a large amount of system resources, such as processing processes, memory, hard disk space, and network bandwidth, causing the cloud server to react extremely slowly or completely unresponsive.
Denial of service (DDoS) attacks have caused a lot of trouble and have been the focus of the media, their attacks may not have a substantive purpose. Asymmetric application-level denial of service attacks are aimed at the fragility of Web servers, databases, or other cloud computing resources, and then run a small malicious program on the application, sometimes less than 100 bytes.
Extension
Traffic peaks encounter denial of service attacks like a big traffic jam, unable to access the target server, in addition to waiting for you do nothing. For consumers, disruption of services not only frustrates their confidence in cloud services, but also causes them to consider shifting critical data away from the cloud to reduce losses. Even worse, since the charging model for cloud services is usually calculated by how much space is consumed by the user's system resources, even if an attacker does not completely paralyze your system, you can incur huge cloud service costs due to huge resource consumption.
Threat 6:
The threat posed by malicious insiders in the security industry from internal malicious personnel has become a contentious topic. The controversy is disputed, and in fact it does exist. Malicious insiders who are at risk for an organization may be employees, contractors, or other business partners who have access to the organization's network, system, and database permissions, and abuse their authority, resulting in impaired confidentiality, integrity, and availability of the system and data of the enterprise organization.
Extension
Internal malicious personnel, such as system administrators, have access to enterprise-sensitive information and critical areas. From IaaS to PAAs and SaaS, the level of sensitive domain that internal malicious personnel can access is increasing, even data. So systems that rely on cloud service providers for security management are at great risk. Even if it is encrypted, if the customer does not have a good grasp of the key, or limits the available time period, then the system may face a threat from internal malicious personnel.
Threat 7:
One of the biggest advantages of abusing cloud services cloud computing is that it allows even the smallest enterprise to use the largest number of computing resources. For most businesses, they can't afford hundreds of thousands of servers, and using hundreds of cloud servers is fine. However, not everyone can make good use of such resources. For example, if an attacker wanted to break a key, it might take several years to use his own machine, and the powerful computing power of the cloud computing server might take a few minutes to fix. Or an attacker could use a cloud server for DDoS attacks, storing malicious software or pirated software.
Extension
More of this threat needs to be considered by cloud service providers. The number of such incidents has increased. How can you prevent others from abusing the services you provide? How do you define "misuse"? How to prevent this from happening again?
Threat 8:
Insufficient review to reduce cost, operational efficiency, security promotion, these advantages let people flock to cloud computing, for those who have the resources to be able to reasonably use cloud technology enterprises, this is indeed a very real goal, but there are many enterprises in the swarmed tide, not really clear understanding of this technology's full picture.
If the cloud services provider environment, applications, operational responsibilities (such as accident responsibility, encryption issues, security monitoring), and so do not fully understand, enterprise organizations if the hasty adoption of cloud computing, it may face the various unknown risks of cognitive deficiencies, which is more serious than the immediate risk.
Extension
Companies that use cloud services rashly may fall into a variety of problems themselves. Contract issues such as responsibilities, obligations, transparency between suppliers and customers, and the degree of conformity of services. After migrating applications that rely on full network-level security control to the cloud, it can be cumbersome and risky to lose control or to provide services that are inconsistent with the customer's needs. Unknown operational and architectural issues can also cause problems as application architects and architects communicate with customers.
The bottom line for companies and organizations migrating to the cloud is that they must have a certain amount of capital, a sufficiently extensive review of cloud service providers, and a good understanding of the risks of new technologies.
Threat 9:
Sharing technology vulnerabilities cloud service providers share infrastructure, platforms, and applications to deliver scaled services. The design of the components that make up these infrastructures, including CPU caching, GPU, and so on, if there is no good isolation mechanism for a multi-tenant architecture (IaaS), a deployment platform (PaaS), or a multiple client application (SaaS), all service patterns are at risk if there is a threat. Deep defense strategies must be established, including computing, storage, networking, application and user security enforcement and monitoring, regardless of the cloud service model. The key is that throughout the cloud service, there must be a complete set of vulnerabilities and misconfigured solutions.
Extension
Shared technologies, such as management programs, shared platform components, and shared applications, have far greater risks than customer behavior, as they can expose the vulnerabilities of the entire system to attackers. These vulnerabilities would be very lethal, far-reaching, and the entire cloud system could be instantly paralyzed.