Malware that stole 45,000 Facebook logins highlights security hole from cloud

Social-network, SaaS connections give malware pipeline through security in corporate nets

By  

Infecting a Facebook, Gmail or other social-networking or cloud-based account not only makes it easier to spread a virus, it exposes far more sensitive corporate networks via links many workers maintain between social networking sites, cloud-based email or other services and their internal corporate network accounts, Seculert reported.

As cloud use grows, so do holes in corporate security

Malware designed to penetrate corporate accounts by leapfrogging from Facebook or other cloud-based networks are getting a lot of help from the robust connections many companies are building between their internal networks and software-as-a-service providers such as Salesforce, Gmail, Amazon Web Services and other cloud-based IT services.

Sixty-five percent of companies in Europe and North America have made relatively serious commitments to SaaS or cloud-based services according to a Dec. 5 survey of 3,500 businesses released Dec. 5, 2011 by Computer Sciences Corp.

The Cloud Usage Index Report showed huge variability in the goals and degree to which corporations are adopting SaaS or cloud-based computing services.

Nearly two thirds – 65 percent – have committed to cloud- or SaaS in a serious way with contracts lasting 12 months or more.

Most view cloud and SaaS services as part of an overall effort to give employees connections to critical data from a variety of mobile devices, save money on the cost of building universal-access networks or new mobile services of their own and improve the services.

Cloud services offer so much flexibility and such easy access to new services that they sneak in under the transom – bought by business managers buying from outside rather than wait for IT to approve a project, for example, according to a variety of cloud-analyst reports.

IT can't stop cloud, has to learn new sources of old threats

That rogue aspect – and the virtual guarantee that specialists providing SaaS from outside rather than supporting all corporate applications from inside – virtually guarantee end users will perceive cloud services as better than internal IT and will continue to buy them even over opposition from IT, according to Bernard Golden, a CIO.com columnist and CEO of cloud-consulting company HyperStratus.

Hackers using Ramnit, Zeus and other modified malware take advantage of connections to cloud-based services.

Photo Credit: 

Reuters

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question