Chip expert and analyst David Kanter has warned that cloud computing poses “definite” security risks for both corporations and individual end users.
“From a direct security stand point, one problem for cloud computing is the inherent risks of sharing the same physical hardware and software (i.e. multi-tenancy). While the software stack in a hosted environment usually isolates different customers through the OS, or virtualization, those techniques are not 100% perfect,” Kanter wrote in a post on ExecTweets IT.
“Both operating systems and hypervisors have security vulnerabilities that can be maliciously exploited to compromise isolation. Even more obscure, there are actual hardware vulnerabilities in some cases.”
In addition, Kanter emphasized that the hosting provider typically had access to customer data and applications for maintenance purposes.
“This means that the privacy and security in a cloud provider are as weak or as strong as the restrictions the hosting provider puts upon their employees. The right way to resolve this issue is end-to-end encryption.”
Finally, Kanter noted that security weaknesses in the network between the cloud provider and the client may also pose a risk to users.
“This threat exists for internal IT as well; the corporate intranet could be compromised. However intranets are usually not visible to the outside world, whereas communicating with a cloud provider requires an external connection,” Kanter observed.
“Again, truly end-to-end encryption would obviate this issue, but the only systems really designed for fully encrypting network traffic are based on Niagara II or require the use of specialized network cards.”
