As cloud computing services evolve, the cloud opens up entirely new ways for potential attacks. Cloud systems and images have operating system and component vulnerabilities just like those in the enterprise. For example, Heartbleed, Shellshock and other major bugs can affect cloud systems, and there are new issues to worry about as well.
In addition, malware outbreaks and account hijacking attacks can occur in the cloud, such as the Amazon Web Services (AWS) outbreak of Zeus botnet infections in its environment after tenant accounts were taken over. The Cloud Security Alliance (CSA) has published a list of the top threats to cloud, and while not called out explicitly, a major theme of the top threats focuses on the cloud's increased attack surface.
Download this SANS Analysis which details:
- Security pros and cons of different cloud types;
- The evolution of DevSecOps;
- Threat modeling and attack vector analysis for improved cloud security.