Understanding Cloud Computing Vulnerabilities

TLDR

Assessing cloud computing security is hampered by vague use of risk terminology and by conflating general IT risks with cloud‑specific ones, which also magnify existing vulnerabilities and introduce new ones. The study aims to quantify the unique security impact of cloud computing by examining how it alters each risk factor. The authors develop four cloud‑specific vulnerability indicators, construct a security‑focused reference architecture, and illustrate vulnerabilities for each architectural component. They identify and exemplify cloud‑specific vulnerabilities across the reference architecture, highlighting how cloud deployment changes risk profiles.

Abstract

The current discourse about cloud computing security issues makes a well-founded assessment of cloud computing's security impact difficult for two primary reasons. First, as is true for many discussions about risk, basic vocabulary such as "risk," "threat," and "vulnerability" are often used as if they were interchangeable, without regard to their respective definitions. Second, not every issue that's raised is really specific to cloud computing. We can achieve an accurate understanding of the security issue "delta" that cloud computing really adds by analyzing how cloud computing influences each risk factor. One important factor concerns vulnerabilities: cloud computing makes certain well-understood vulnerabilities more significant and adds new vulnerabilities. Here, the authors define four indicators of cloud-specific vulnerabilities, introduce a security-specific cloud reference architecture, and provide examples of cloud-specific vulnerabilities for each architectural component.

References

Page 1

	Year	Citations

Page 1