Is the cloud a hacker's paradise? A survey at last month's Defcon hacking conference paints that picture.
Sponsored by security vendor Fortify Software, the survey asked 100 hackers who attended Defcon about security in the cloud. A sizable 96 per cent said they believe the cloud opens up more hacking opportunities, while 89 per cent said cloud vendors aren't doing enough to address cybersecurity issues.
Among the hackers surveyed, 45 per cent said they had already tried to exploit vulnerabilities in the cloud. Although only 12 per cent admitted to hacking into cloud systems for the money, that's still a significant per centage to ponder for companies moving to the cloud, according to Fortify. A Gartner study from earlier this year found that by 2012, 20 per cent of businesses will own no back-end IT assets of their own, planning instead to store everything all in the cloud.
Drilling down further, 21 per cent of those questioned see software as a service (SaaS) cloud systems as the most vulnerable. Among the hackers who'd snooped around the cloud, 33 per cent said they found vulnerabilities in the public DNS (Domain Name System), 16 per cent have hacked into log files, and 12 per cent have been able to check out communications profiles.
"More than anything, this research confirms our ongoing observations that cloud vendors--as well as the IT software industry as a whole--need to redouble their governance and security assurance strategies when developing solutions, whether cloud-based or not, as all IT systems will eventually have to support a cloud resource," Fortify chief products officer Barmak Meftah said in a statement.
Other surveys have likewise found that IT professionals see the cloud as a risky place to house resources.
Return to security news headlines
View Security News Archive