We often hear that security and privacy concerns are the main inhibitors to cloud adoption. But what are the true threats? Is the cloud really more dangerous than your on-site data center? I would say that virtualization and cloud computing aren’t inherently more dangerous, but they have unique infrastructure that must be addressed when creating a security foundation.
There are similar attacks across physical, virtual, and cloud infrastructures—data-stealing malware, web threats, spam, phishing, bots, etc. So many companies are tempted to deploy their security for dedicated physical servers and endpoints on their virtual machines in their data centers and in the cloud. But although the types of attacks may be the same, how they exploit virtualization and cloud infrastructure can be different. And conventional physical security will not provide sufficient protection for these environments.
Trend Micro just released a report on the security threats to virtualization and cloud computing, which is posted in the Threat Trends section of the website. I know I may be biased working for Trend Micro, but this is truly one of the better threat reports I’ve read. It starts with global adoption statistics for virtualization and cloud environments. Then it covers security risk specific to both virtualization and the cloud. For example, for virtual infrastructure, the report discusses communication blind spots, inter-VM attacks, hypervisor compromises, and much more. But it also describes how security solutions should be “virtualization-aware” to provide better protection and to make the best use of virtual resources. For cloud computing, the report starts by discussing the different cloud models and who has responsibility for security, followed by threats to private, public, and hybrid clouds.
The report also weaves in real-world threat examples. Readers see that these threats are not just hypothetical, but are actually occurring in the wild. And as the adoption of virtualization and cloud computing grows, cybercriminals will undoubtedly increase their efforts to penetrate these environments. To help defend against this, Trend Micro also released a Virtualization and Cloud Security Best Practices paper in addition to the threat report. What use is knowing the threats if you don’t know how to combat them?