Tuesday, June 23, 2015

Cloud Security -Threat Agents


I wanted to share this discussion topic which I am currently taking in my cloud computing course.I am overwhelmed to receive superior content for this and thought must share it on my blog...

Describe the basic threat agents relevant to cloud computing, including: Anonymous Attacker, Malicious Service Agent, Trusted Attacker, and Malicious Insider.  Why is this an important Security Concern? 

The basic threat to cloud computing can be enumerated as Ease of Use, Secure Data Transmission, Insecure API’s, Malicious Insider, Shared Technology Issues, Data Loss, Data Breach, Account/Service Hijacking, Unknown Risk Profile, Denial of Service, Trusted Attacked, Anonymous Attacker, Malicious Service Agent and so on.
All these have a different way of intruding into the privacy or secure cloud platform but the end result of creating a security flaw/threat remains the same.
Below are few descriptions for threat agents:
  1. Malicious Insiders: People related to an organization having details/access to their resources.
  2. Insecure APIs: APIs are accessible anywhere on the Internet and malicious attackers can use them to compromise on confidentiality and integrity of enterprise customers.
  3. Anonymous Attacker: on trusted threat agent that usually attacks from the outside of the cloud boundary.
  4.   Malicious Service Agent: Able to intercept and forward the traffic that flows within the cloud.Trusted Attacker: Shares IT resources in the same environment as the consumer and attempts to exploit legitimate credentials. Also known as malicious tenants.
All these threats and agents pose a big concern as data and privacy can be exploited. This affects the people, organization and the business to a great extent. A small amount of modification to any of these is a huge risk to the individual and company. No one wants to lose data or be a victim of any bad circumstance and these threats I would say are widely known ones but one needs to dig to make sure unknown threats do no bind them in any way. Unknown threats can be realized based on the cloud model deployed and the security architecture built around it. Every organization should have Security concerns as their top priority to be able to carry out their day-to-day business actions smoothly. 

References:

Response to discussions on this topic
"Thanks for sharing your experience and yes security can be a far sight with our current ways of working.I agree that in our day to day work getting people adhere to certain security measures is painstaking.However I also feel this is a regional aspect.To give you an insight it is America and few more countries security is not given much weightage because of the fact things with cyber crime and other intrusions are on a scale which is not measured on a daily basis.In developing countries where security is an instinct by itself as every day one faces a attack in a small or big form.
Taking your scenario back in my place in India we used to lock computers once we step out of our desks in a software company and used passwords to open sensitive documents.Even payroll to view , you will have a long password which includes id's,birth and company details to unlock one pdf file.I used to hate it as every time I had to look up a number of mails to decode it.It is tough for my known facts to be accessed which goes to say security is inbuilt in a hard way and that is where we all should head to.
Very glad you brought this up as a balance has to be created which needs a lot of effort and others cooperation as well."

No comments:

Post a Comment