John Howie, the former COO of the Cloud Security Alliance, says that risks to users are evolving fast day by day even secure providers aren't enough;
If concern over cloud security has taken a step or two ahead, it remains just off center stage, as it still shows up in surveys as a diminished but it is a still present concern. Therefore the confidence in the way the cloud providers manage security has risen as the sun sets on the first decade of cloud computing.
Howie was COO of the Cloud Security Alliance from 2012 to 2014 and is a principal of Howie Consulting Inc . He is now the chief privacy officer and head of cyber security at the Hauwei Consumer Business Group, have announced in a webinar broadcast by IEEE Jan. 24 that “new threats are evolving with the cloud" And, a former chief operating officer of the Cloud Security Alliance explains in a broadcast that why cloud security’s importance should be moved offstage in the IT manager's consciousness.
Howie started pointing out that “the users' assumption is that the cloud environment is much more secure than the enterprise data center and also acknowledging that this perception has taken place that both providers of infrastructure as a service and software as a service have made great implications in establishing secure operations. However he also agreed upon a point that the cloud environments are "very clean."
But the world of computing continues to change and new threats are evolving alongside the cloud, he said. The main threats arise from poorly built or configured applications that loaded into the cloud containing vulnerabilities. Usually problems will be confined to that application, but richly concentrated and populated cloud environment is an excellent breeding ground if malware does escape from such an application, he said.
As the cloud data centers are connected to the other cloud data centers by high speed lines, which offers a superhighway upon which malware can spread easily. In addition to this few customers are using just one cloud, so malware can spread into more than one vendor's cloud data center at a time.
Howie said that the such as Drop Box or code-sharing sources which are File and document-sharing services are all potential sources of individual infection, followed by use of corrupted files or software inside the company firewall which can lead to an outbreak of company information and the IT staff, despite its best efforts, will encounter great difficulty in preventing it. He also said that risk of intrusion grows as enterprise employees adopt cloud services for their own use rather than waiting for provisioning from the company's IT staff.
Howie said during the webinar. That "The cloud administrator at your company may be unaware that today's bring-your-own-device means bring -your-own-cloud,"
Everyone acts in a good faith in front but openings and exposures being created beyond the view of corporate IT because mobile users may be accessing cloud services and storing corporate data in them without the knowledge of IT. They may be forming industry collaboration groups that could include the employees of competitors.
Without raising concerns in the CFO's office. The Mobile workers can sign up for free or low cost services and expense them to the company underneath the radar of the IT budgeting process.
He warned that "The hyper-connectedness of the clouds allows malware to shift more easily from one system to another". The landscape of threats has evolved as the attackers are now targeting the cloud as a away to get access to corporate data" and make their way past corporate firewalls.