U.S. flag

An official website of the United States government, Department of Justice.

NCJRS Virtual Library

The Virtual Library houses over 235,000 criminal justice resources, including all known OJP works.
Click here to search the NCJRS Virtual Library

Cloud Computing for Small Business: Criminal and Security Threats and Prevention Measures

NCJ Number
242485
Author(s)
Alice Hutchings; Russell G. Smith; Lachlan James
Date Published
May 2013
Length
8 pages
Annotation
This report from the Australian Institute of Criminology the problem of criminal and security threats and measures to prevent them for small businesses that use cloud computing.
Abstract
Cloud computing is described as the "delivery of computer processing infrastructure, operating systems, software, and data storage over Internet-based public or private computer networks." This paper from the Australian Institute of Criminology examine the problem of criminal and security threats that can affect small businesses that use cloud computing and the prevention measures that can be implemented to minimize this problem. The security lapses that occur in cloud computing include data loss and leakage, and account, service, and traffic highjacking. As reported in this paper, a large number of these lapses are not made public in order to protect the reputations of the service providers. Additionally, recent surveys of cloud service providers reveal that service providers themselves are not confident that the cloud applications and resources they supply are safe from hackers and other security breaches. Examples of crime and security risks faced by cloud service providers are discussed in detail and include authentication issues, denial of service attacks, use of cloud computing for criminal activities, illegal activity by cloud service providers, attacks on physical security, insider abuse of access, malware, side channel attacks or cross-guest virtual machine breaches, vulnerabilities in software applications, cryptanalysis of insecure or obsolete encryption, and structured query language injection. Cloud and security risks targeting cloud computing tenants are also discussed and include phishing, compromising the device accessing the cloud, domain name system attacks, and access management issues. Attacks targeting the transmission of data include network/packet sniffing, man-in-the-middle attacks, and session highjacking and session riding. The final section of the paper examines different preventive measures that can be implemented to prevent criminal and security attacks to cloud computing users. Table and references