Being a user of and a promoter of cloud computing, I am also aware of challenges to the security of cloud computing environments. Cloud computing suppliers come in several flavors. I’ll address two of them here: 1) those who provide virtual hosts; and 2) those who provide automatically-scalable hosting solutions without distinguishable hosts.
A virtual host looks like an actual server. You (or your programmer/sysadmin) can use it as if it were your own dedicated server. In fact, however, it is only a portion of a much larger server. Rackspace/Mosso, and Slicehost are two I’ve discussed and actually use. The focus is on the virtual server.
An automatically-scalable hosting solution is a service or set of services which are hosted on one or more computers, and you can’t actually tell how big the server is or for that matter, whether it’s a whole array of servers. The focus is on the virtual service (not the server itself).
What’s good: Virtual servers are a more secure environment than shared servers because you are only dependent on your own security efforts. (On a shared server, if another user picks a poor password, or doesn’t upgrade their PHP software when security upgrades are released, you can be hacked if their account is compromised.) Automatically-scalable hosts may also be secure in this same way if accounts are adequately protected from each other.
What’s bad: A root compromise of a virtual server may be possible. In fact, it’s probably inevitable that such things will happen. And if you don’t update your underlying software (like WordPress, for instance), they you’re likely to be in trouble anyway. So ultimately any server can be compromised.
“Cloud-clobbering” (talk – is cheap)— cloud servers may become a target for hackers.at the 7th Hack in The Box Security Conference in Kuala Lumpur.
I’ve written about “economic denial-of-sustainability” attacks, in which an attacker causes a cloud user to so scale up their server usage that it becomes economically impossible for the defender to survive. These wouldn’t be possible if there were no cloud computing.