Understanding Cloud Computing Vulnerabilities
The present discussion on cloud computing security concerns makes a well-substantiated evaluation of cloud computing’s security effects difficult for two major grounds. First, while it is true for numerous discussions about risk, simple vocabulary such as ‘threat’, ‘vulnerability’ and ‘risk’are frequently used as if they were interchangeable, neglectful of their respective definitions. Secondly, while many issues are raised, not all of them are specific to cloud computing. In order to achieve an accurate perspective of the security issue “delta” that cloud computing truly adds, we analyze how cloud computing impacts each risk factor. One significant factor concerns ‘Vulnerabilities’: cloud computing outlines certain well-understood vulnerabilities as more important while increasing new vulnerabilities. In this study, the authors describe four cloud-specific vulnerability indicators, establish a security-specific cloud reference structure, and offer illustrations of cloud-specific vulnerabilities for each structural component.
Vulnerability is a significant risk factor, which can be measured in terms of both the probability of a harmful event taking place and its outcome. For instance, a loss event takes place following a hacker (threat agent) successfully exploiting a vulnerability. However, the frequency with which this occurs is dependent on two factors. One, the frequency is determined by both the agents’ incentive and how much access they have on their targets. That is, what they stand to gain, the effort required and the risk involved. The second factor is the variations among attacker’s capabilities and the system’s aptitude to resist the attack. Therefore, Vulnerability is defined as “the probability that an asset will be unable to resist the actions of a threat agent”.