Cloud computing to usher new threats

Cloud infrastructure and connectivity, as well as devices reliant on it, will lead to new vulnerabilities for enterprises, according to Trend Micro.

The increased reliance on cloud computing will bring with it new flavors of threats, according to Trend Micro.

The security company, in its predictions report for 2010, identified cloud computing as a trend that will amplify threats to companies over-reliant on cloud computing vendors.

It noted that cloud computing, driven by the financial climate, is poised to "take off and grow exponentially", but warned the nature of the cloud makes it an attractive target to hackers, who are drawn to the ease of going after a single cloud serving various customers and taking down "multiple systems secured the same way".

"This creates the potential for one customer to get caught up in the bad guy's attempts to take a fellow customer offline," Trend Micro said in the report.

The increased amounts of data handed over to cloud providers will also pose risks in terms of availability and data privacy, it said. Companies open themselves to the possibility of service providers going out of business, or having physical and internal breaches.

Enterprises must fully assess vendors' security systems, as they will be reliant on the provider's due diligence, advised Trend Micro. It highlighted the importance of avoiding cloud lock-in and being able to switch providers "at will or in line with business needs", so as to retain control over the company's IT processes.

"Many organizations are just waiting for a security model for the cloud which they can own and move with them from vendor to vendor," it said.

Beyond the data center, threats lie in connectivity to the cloud. The report said Web protocol technologies such as SSL (Secure Sockets Layer), DNS (Domain Name System) and BGP (Border Gateway Protocol) are still works in progress, being "developed before security was a consideration".

Security researchers have been identifying flaws in these technologies--last year, a BGP vulnerability was revealed to have been known in the industry for over a decade, but remained an inherent problem.

New devices oriented toward cloud computing will also pose issues for administrators, according to Trend Micro. Google's Chrome OS, which relies on the cloud for updates, may be attractive to IT workers "tired of the constant system patch battle". Announced in July, the Chrome OS, is a browser-based operating system designed to be reliant on the cloud for its apps and data storage. It is targeted to run on thin devices connecting to the cloud.

But whether Chrome would be able to deliver on its security promises remains to be seen, said Trend Micro. Cloud-reliant devices, it pointed out, are open to the host of security vulnerabilities that clouds bring: manipulated connections could drive a user to a spoofed Web site and botnets taking down a cloud would render Chrome-powered devices useless.

"The question is whether any cloud vendor could reasonably ensure that unauthorized access is not possible, that a hacker will never be able to copy millions of user records, login credentials, online banking information, billing information, transaction records and the like," Trend Micro said in the report.