Cloud to open more hacking opportunities

SAN MATEO, USA: An in-depth survey carried out amongst 100 of the elite IT professionals attending this year's DEF CON 2010 Hacker conference in Las Vegas recently has revealed that hackers view the cloud as having a silver lining for them.

And a gold, platinum and diamond one, it seems, as an overwhelming 96 percent of the respondents to the Fortify Software-sponsored poll said they believed the cloud would open up more hacking opportunities for them.

Also read: Cloud Computing to drive economic growth

This is being driven, says Barmak Meftah, chief products officer with the software assurance specialist, by the belief from the hackers, that cloud vendors are not doing enough to address the security issues of their services.

"89 percent of respondents said they believed this was the case and, when you analyze this overwhelming response in the light of the fact that 45 percent of hackers said they had already tried to exploit vulnerabilities in the cloud, you begin to see the scale of the problem," he said.

Also read: Choosing the right cloud platform

"While 'only' 12 percent said they hacked cloud systems for financial gain, that still means a sizeable headache for any IT manager planning to migrate their IT resources into the cloud," he added.

Breaking down the survey responses, 21 percent believe that Software-as-a-Service (SaaS) cloud systems are viewed as being the most vulnerable, with 33 percent of the hackers having discovered public DNS vulnerabilities, followed by log files (16 per cent) and communication profiles (12 per cent) in their cloud travels.

Also read: Top Ten Cloud Computing Predictions for 2010

"More than anything, this research confirms our ongoing observations that cloud vendors - as well as the IT software industry as a whole - need to redouble their governance and security assurance strategies when developing solutions, whether cloud-based or not, as all IT systems will eventually have to support a cloud resource," Meftah added.

"It is of great concern to us here at Fortify that the message about software assurance has still to get through to everyone in the software development community, and the DEF CON survey results strengthen our resolve to get this message across to as large an audience as possible," concluded Meftah.