Cloud computing has become ubiquitous for many companies but keeping it secure can be a challenge.
Cloud Security Alliance Asia Pacific executive council chairman Ken Low shared the alliance’s top nine threats to the cloud at a Trend Micro event in Sydney.
9: Shared technology vulnerabilities
“In 2014, we have seen some of the most critical vulnerabilities such as Heartbleed which affected OpenSSL. That allowed people access to encrypted data,” said Low.There was also the discovery of the Shellshock vulnerability which affected the Bash shell.Cloud service providers can scale their services by sharing infrastructure default to applications but the lack of strong isolation properties in monitored environments make them vulnerable, said Low.He said that virtual patching can stop shared technology vulnerabilities. “Launching without patching is like jumping into a hole. Patching is not easy but you can set up patch management. This needs to be done on a weekend because when Monday comes everyone wants the system up and running.”