1. How does a typical cloud user
interacts,manages and configures his cloud ? This interaction is achieved with
Cloud Computing providers exposing the user to a set of software interfaces or
APIs.Thus the overall demand,settings,managing and all configuration is
achieved using this interface and APIs only.Thus comes the aspect of security
of handling and designing these interfaces and APIs.The security and
availability of ANY cloud service is dependent upon the security of these basic
APIs. From authentication and access control to encryption and activity
monitoring, these interfaces must be designed to protect against both
accidental and malicious attempts to circumvent policy.Not only this,but all
the third parties often build upon these interfaces to offer value-added
services to their customers. This introduces the complexity of the new layered
API.The recommended remediation's vide CSA are mentioned below :
- Analyze the security model of
cloud provider interfaces.
- Ensure strong authentication
and access controls are implemented in concert with encrypted transmission.
- Understand the dependency chain
associated with the API
2. Thanks CSA : CLOUD SECURITY ALLIANCE