Is the cloud a hacker's paradise? A survey at last month's Defcon hacking conference paints that picture.
Sponsored by security vendor Fortify Software, the survey asked 100 hackers who attended Defcon about security in the cloud. A sizable 96 percent said they believe the cloud opens up more hacking opportunities, while 89 percent said cloud vendors aren't doing enough to address cybersecurity issues.
Among the hackers surveyed, 45 percent said they had already tried to exploit vulnerabilities in the cloud. Although only 12 percent admitted to hacking into cloud systems for the money, that's still a significant percentage to ponder for companies moving to the cloud, according to Fortify. A Gartner study from earlier this year found that by 2012, 20 percent of businesses will own no back-end IT assets of their own, planning instead to store everything all in the cloud.
Drilling down further, 21 percent of those questioned see software as a service (SaaS) cloud systems as the most vulnerable. Among the hackers who'd snooped around the cloud, 33 percent said they found vulnerabilities in the public DNS (Domain Name System), 16 percent have hacked into log files, and 12 percent have been able to check out communications profiles.
"More than anything, this research confirms our ongoing observations that cloud vendors--as well as the IT software industry as a whole--need to redouble their governance and security assurance strategies when developing solutions, whether cloud-based or not, as all IT systems will eventually have to support a cloud resource," Fortify chief products officer Barmak Meftah said in a statement.
Other surveys have likewise found that IT professionals see the cloud as a risky place to house resources.