HP and the Cloud Security Alliance (CSA) have identified the top cloud computing security threats in a new document which features research on the subject.   The CSA has provided a warning to organizations to be aware of technology that accumulates sensitive personal information such as credit card numbers, social security numbers and employee information.     Prevention is less expensive that cleaning up after a data loss or regulatory compliance violation, which require notification and system modification.   Chris Whitener, HP's chief security strategist, noted that although cloud computing can reduce capital expenditures, managing risks is often overlooked.  "The No. 1 thing you shouldn't do is approach this with complete ignorance," Whitener stated. "And unfortunately, this is something that a lot of people do. Understand and limit your risk profile. If you approach this with complete abandon, you're asking for it."  

Cyber criminals have learned to exploit cloud computing systems and use botnets to distribute malware and spam.    The CSA noted that precautions should be taken against application programming interfaces (APIs) which are utilized for application interoperability which may be an area of vulnerability.   According to the CSA, the top seven cloud computing threats are:   

1. Abuse and nefarious use of cloud computing

2.  Insecure application programming interfaces

3.  Malicious insiders

4.  Shared technology vulnerabilities.

5. Data loss/leakage

6.  Account, service and traffic hijacking.

7. Unknown risk profile 

"There are plenty of motivations for startups and ordinary businesses to use the cloud. Four out of five use the cloud because they don't have to go to their VC and ask for startup money for IT," Whitener stated. "There's a lot of power in the cloud, and with that power comes the ability to quickly get lost. Limit your risk profile so that it makes the most sense for your organization."

Related Link:

http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1395924,00.html