The survey, conducted by Fortify Software at last month’s DEF CON show in Las Vegas, polled 100 high-level IT professionals and hackers and found that 96% said the transition to cloud services and storage would provide for more hacking opportunities.
This idea, that cloud vendors are not implementing enough security measures for their services, appears to be what is driving this opinion among hackers, said Barmak Meftah, chief products officer with Fortify.
"Eighty-nine percent of respondents said they believed this was the case and, when you analyze this overwhelming response in the light of the fact that 45 percent of hackers said they had already tried to exploit vulnerabilities in the cloud, you begin to see the scale of the problem," he revealed.
"While ‘only’ 12 percent said they hacked cloud systems for financial gain, that still means a sizeable headache for any IT manager planning to migrate their IT resources into the cloud," Meftah added.
Meftah said one can only appreciate the scale of the cloud security problem when realizing that, according to market analysis, nearly 20% of businesses will have transitioned IT resources to the cloud by 2014. He explained that many of these organizations would no longer own substantive IT assets, and would instead rely on cloud models – the same cloud products that 45% of the surveyed DEF CON attendees admitted to already having tried to hack.
Delving further into the survey results, 21% of respondents view software-as-a-service (SaaS) cloud systems as most vulnerable, with 33% admitting to having discovered public DNS vulnerabilities, followed by log files (16%), and communication profiles (12%).
Fortify’s Meftah reminds us: “We are talking about hackers having discovered these types of vulnerabilities in the cloud, rather than merely making an observation.”