Assessing Cloud Node Security
28 March 2011
Some major Cloud providers currently expose their clients’ data to the risk of compromise as a result of serious flaws in the implementation of their technologies. This is the key finding of a major new survey of the security of Cloud nodes completed by Context Information Security.
The growing trend in migrating systems to use Cloud infrastructure to take advantage of the cost savings and flexibility that this form of IT provision can offer has caused concern within the security community, because this virtual and dynamic environment creates a new threat landscape.
This whitepaper is the result of research undertaken by Context into the technical risks associated with Cloud computing infrastructure nodes. Context rented a range of Cloud nodes currently offered by the major providers and performed a review of their security, including the limitations imposed by providers on the types of technical security testing allowed to be performed.
The methodology, results, challenges and recommended mitigations are detailed in this whitepaper, which sets out best practices for securing Cloud nodes as an end user and will help end users to assess and reduce any associated risk to their systems. Information about the general security issues discovered in actual Cloud nodes has also been fed back to the providers to enable them to resolve these issues.