Risks | Cloudcontrols.org – Cloud assurance compliance

Risks

The risks are divided into the following categories.

  • Technical Risks – Technical aspects of cloud infrastructure (34 risks)
  • Security Risks – Security aspects of cloud specifically related to infrastructure (44 risks)
  • Legal Risks – Legal, assurance and compliance risks (6 risks)
  • Outsourcing Risks – Risks related to the outsourcing of activities, specifically related to infrastructure (45 risks)
  • Co-tenancy Risks – Risks related to the co-tenancy aspect of cloud infrastructure (10 risks)
  • Virtualisation Risks – Virtualisation-specific risks addressing the hypervisor, infrastructure and policies (3 risks)

Changes:

  • 9/6/2012 – Control sheet 1.0 released, incorporates risks listed below
  • 11/4/2011 – Version 1.1 adds 25 new risks (marked as “1.1”)
  • 7/13/2011 – Version 1.0 published

Download Microsoft Excel 2010 version of the risk list: Cloudcontrols – risks.xlsx

Technical Risks

TECH-01 Resource exhaustion
Not enough capacity is available to meet an increase in customer demand. When clients add resources faster than the provider can expand capacity, resource exhaustion may occur.
TECH-02 Spam overloading customer environments or causing problems with external services.
Outgoing or incoming spam causes performance bottlenecks in customer environments. Spam makes up around 90% of all e-mail traffic and detecting it is resource-intensive; in heavily loaded environments the volume of spam may bring down the provided services.
TECH-03 Procedures restricting the service
Procedures and policies get in the way of service provision or problem resolution. If an organisation lacks the flexibility to deal with unforeseen circumstances, the service is threatened when such circumstances occur.
TECH-04 Unsafe working environment.
An unsafe working environment results in technical or financial issues or prevents adequate problem resolution. The same risk applies when activities are performed outside the office workplace.
TECH-05 Over-dependence on certain members of the personnel
The loss of critical personnel may lead to a loss of control over the IT infrastructure or a reduction in incident response capability.
TECH-06 Errors in communication with third parties.
When a service provider works with suppliers, there is a risk that service agreements or procedures are incorrectly defined. This risk also covers suppliers and consultants working on the service organisation's premises.
TECH-07 Loss of synchronised time keeping.
Timestamps of system and audit logs are essential to adequate handling of incidents. Loss of synchronised time keeping will lead to errors in analysis of issues and incidents.
TECH-08 Provider loss of service due to termination or failure.
This risk covers all situations where a technical failure occurs at a supplier, a supplier terminates its service intentionally or because of a change in business circumstances.
TECH-09 Distributed Denial of Service
A distributed denial of service attack on one or more IP addresses within the network threatens the service.
TECH-10 Loss (not compromise) of operational logs
The loss of operational logs makes it difficult to evaluate operational variables. The options when solving issues are limited when no data is available for analysis. Loss of operational logs may occur in case of under-provisioning of storage.
TECH-11 Loss (not compromise) of security logs
The loss of security logs poses a risk for managing the implementation of the information security management program. Loss of security logs may occur in case of under-provisioning of storage.
TECH-12 Loss of backups
A lack of data-restore options, when backup data is lost or damaged, can put the provided service levels at risk.
TECH-13 Natural disasters
Natural disasters threaten cloud provider infrastructure. The assessment of this risk must take into account the higher probability of particular disasters at the location of the cloud provider's infrastructure.
TECH-14 Data Center Outage
Datacenter power or cooling failure or other calamity leads to failure in provided services.
TECH-15 Data Storage Failure
Data can be lost or access to the storage network can be prohibited. Also, when meta-information of data is lost, similar problems may occur.
TECH-16 External Network Outage
The cloud provider might lose its external network connections. External connectivity is a crucial part of the provided services.
TECH-17 Server Failure
Failure of server nodes hosting the actual customer environments.
TECH-18 Cloud Provider Network Failure
Failure of the internal cloud provider’s switching and routing network may threaten connectivity for customer environments.
TECH-20 Management interface failure
Most cloud providers offer clients a management interface through which they operate their services. Errors in the management interface software disrupt service or data integrity.
TECH-21 Management Systems Failure
The cloud provider's management systems control the infrastructure and allocate resources. Errors in these systems can disrupt service or data integrity.
TECH-22 Loss of data because of loss of data ownership
The meta-information of stored data is essential in linking data to its owner. When that metadata is lost, the data itself is effectively lost as well.
TECH-23 Human Error resulting in failure
Cloud provider personnel can introduce technical failure through lack of experience, knowledge or responsibility.
TECH-24 Loss of equipment governance
Inadequate management of equipment may lead to loss of control of equipment. Hardware may go missing, can be purchased twice, handed over to the wrong parties or provisioned incorrectly.
TECH-25 Maintenance causing disruptions
Maintenance performed by the service provider can cause unplanned outages, disrupting the provided service.
TECH-26 Inadequate technical risk planning
The risks recognized in the risk analysis process are not properly translated into the risk management program. Adequate risk management includes planning of the risk management program activities.
TECH-27 Inadequate implementation of risk mitigation measures
Mitigation measures derived from the risk management program are not properly implemented.
TECH-28 Introduction of new components leads to technical failure
The introduction of new system components may lead to technical risks impacting the quality and continuity of provided services.
TECH-29 Lack of maintenance or replacement of IT infrastructure components.
Existing components are not maintained properly and not replaced in time, leading to technical failure.
TECH-30 License risks
Mismanagement of software licenses leads to legal risks or threatens the service.
TECH-31 Loss of customer account or management system configuration data.
Customer account and configuration data is essential in the service provisioning process. Loss of customer account and configuration data can lead to loss of service.
TECH-32 Provider office systems unavailable.
Provider can not manage the service because its office systems are not available for its employees.
TECH-33 Changes to third party services causes failures in provider system.
Planned and unplanned changes performed by suppliers on the services they supply may cause failures in the provider system.
TECH-34 Data migration, backup recovery or other provider activity leading to data loss. 1.1
Data migration or backup recovery by cloud provider leading to data loss.
TECH-35 Inadequate technical risk analysis
Risk analysis is not thorough enough and essential technical risks are overlooked in the risk analysis phase.

Security Risks

SECUR-01 Customer management interface compromise
The management interface is exposed to the public internet to provide broad access for customers. Vulnerabilities in the management interface could lead to unauthorised access and compromise of underlying systems.
SECUR-02 Insecure or ineffective deletion of data
Insecure or ineffective deletion of data leads to exposure of data to unauthorised parties. Common examples include disposal of storage devices and removable media and deletion of data after deprovisioning of customer services.
SECUR-03 Incomplete deprovisioning of access
Incomplete deprovisioning of access leads to unauthorised access. Attempts to access deprovisioned services may indicate malicious intent.
SECUR-04 Loss of equipment ownership leading to security risks.
Poor equipment management leads to loss of hardware governance and unauthorised access.
SECUR-05 Loss of data ownership within network
Third parties can get access to customer data due to a loss of ownership. Data might be assigned incorrectly to other clients or be copied into testing environments.
SECUR-06 Loss of control over paper based information or information media leading to security risks.
Paper records and media must be kept safe. Loss of control over paper records or media can lead to security risks.
SECUR-07 Compromised backup system
Vulnerabilities in the backup system can lead to unauthorised access and data leakage. Since backups are essentially a representation of a production system, sensitive data will be present in them.
SECUR-08 Compromised hardware (not physical)
Unauthorised access is gained to the software that directly controls the hardware components. Routers, switches and other network components must be included in evaluating this risk.
SECUR-10 Data leakage on up/download, inter-cloud
Data could be intercepted when traversing the public internet.
SECUR-11 Loss of encryption keys
The loss of encryption keys required for secure communication or system access gives a potential attacker the opportunity to gain unauthorised access to assets.
SECUR-12 Undertaking malicious probes or scans
Network scans from outside or inside give attackers knowledge of the network structure and system flaws. Unauthorised scans are a sign of malicious intent, and a successful scan is usually the preparation for further attacks.
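An added example, not part of the Cloudcontrols.org risk list, of how the scans in SECUR-12 can be spotted in firewall or connection logs: it flags any source that touches many distinct ports on one target inside a short window. The log line format, window and threshold are assumptions made for the example, and the sample lines are constructed.

```python
"""Port-scan detection over constructed firewall log lines.

Added example for this page, not Cloudcontrols.org tooling. The log line
format (ISO timestamp, then src=/dst=/dport=/action= fields) and the
window/threshold values are assumptions; adapt parse_line to your firewall.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, not real traffic. One host (203.0.113.7) sweeps a
# dozen ports within seconds; two other hosts behave normally.
SAMPLE_LOG = [
    f"2012-06-09T10:00:{i:02d} src=203.0.113.7 dst=198.51.100.10 dport={p} action=DROP"
    for i, p in enumerate((21, 22, 23, 25, 53, 80, 110, 135, 139, 443, 445, 3389))
] + [
    "2012-06-09T10:00:05 src=192.0.2.5 dst=198.51.100.10 dport=443 action=ACCEPT",
    "2012-06-09T10:00:07 src=192.0.2.5 dst=198.51.100.10 dport=443 action=ACCEPT",
    "2012-06-09T10:00:09 src=192.0.2.9 dst=198.51.100.10 dport=22 action=ACCEPT",
    "2012-06-09T10:00:10 src=192.0.2.9 dst=198.51.100.10 dport=80 action=ACCEPT",
    "2012-06-09T10:30:00 src=192.0.2.9 dst=198.51.100.10 dport=443 action=ACCEPT",
]


def parse_line(line):
    """Split one log line into (timestamp, src, dst, dport, action)."""
    ts_str, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return (datetime.fromisoformat(ts_str), kv["src"], kv["dst"],
            int(kv["dport"]), kv["action"])


def detect_scans(lines, window_seconds=60, threshold=10):
    """Return {(src, dst): ports} for every source that touched at least
    `threshold` distinct destination ports on one target within the window.
    Dropped and accepted connections both count: a sweep that finds open
    ports still reveals the network layout."""
    window = timedelta(seconds=window_seconds)
    events = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ts, src, dst, dport, _action = parse_line(line)
        events[(src, dst)].append((ts, dport))
    alerts = {}
    for key, evs in events.items():
        evs.sort()
        # Sliding window: for each event, collect the distinct ports hit
        # within `window` after it. Quadratic, fine for a batch of log lines.
        for i, (t0, _) in enumerate(evs):
            ports = {p for t, p in evs[i:] if t - t0 <= window}
            if len(ports) >= threshold:
                alerts[key] = ports
                break
    return alerts


if __name__ == "__main__":
    for (src, dst), ports in detect_scans(SAMPLE_LOG).items():
        print(f"possible scan: {src} -> {dst}, {len(ports)} ports: {sorted(ports)}")
```

The threshold and window trade false positives against slow scans: a scanner that spaces probes a minute apart evades a 60-second window, so a second pass with a longer window and a higher threshold is worth running on the same data.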
SECUR-13 Compromised provider cloud management systems (including logging system)
Vulnerability in cloud provider management systems leads to unauthorized access.
SECUR-17 Privilege escalation
A mistake in the access allocation system causes a customer, third party or employee to get more access rights than needed.
SECUR-18 Human error leading to vulnerability
Human oversight in performing operational activities may lead to unauthorised access or to system vulnerabilities caused by misconfiguration.
SECUR-19 Social engineering attacks
Providing misinformation or other forms of manipulation lead to unauthorised access.
SECUR-20 Provider workplace systems are compromised electronically.
Cloud provider’s workstations could provide access to cloud infrastructure, making it a likely target for outside attacks.
SECUR-21 Wireless device or wireless network breach
Wireless networks provide access to workplace environments. Drive-by attacks on the wireless network targeted at obtaining unauthorised access to the IT infrastructure can occur. Wireless networks also provide a direct method to attack a workplace environment without physical access to the premises.
SECUR-22 Unauthorized access to premises/physical hardware
Unauthorised physical access leads to compromise of systems or customer privacy. Attackers might gain access to premises to tamper with equipment.
SECUR-23 Theft of computer equipment
Hardware theft from company or employees leads to compromise of systems or customer privacy. Stolen equipment can be used to try to gain access to cloud provider’s infrastructure.
SECUR-24 Malicious insider
One or more malicious insiders abuse their access rights to compromise the system.
SECUR-25 Lack of planning and strategic adaptability leads to security oversight
Known security risks are not dealt with due to a lack of planning and commitment.
SECUR-26 Inadequate response to security breach.
Inadequate response to a security incident leading to increased damage or vulnerabilities. Evidence of the attack could be destroyed when handling the security breach.
SECUR-27 Organisation does not learn from security incidents.
Organization finds it difficult to adapt procedures and its IT configuration after a security incident exposes weaknesses to them.
SECUR-28 Compromised logs prohibit effective response.
Compromised or deleted logs prevent an effective response to a security breach, as the incident cannot be analysed properly. Logs might also be forged by an attacker to mislead the analysis.
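Added example, not part of the original risk list, covering SECUR-28 and TECH-07 together: a hash-chained audit log in which each stored line carries the digest of the line before it, so deleting or editing an earlier entry breaks the link that follows it, plus a check that timestamps never go backwards, which is how loss of time synchronisation shows up in the log itself. Record fields and the seed value are assumptions, and the records are constructed.

```python
"""Hash-chained audit log with tamper and clock-regression checks.

Added example for this page, not Cloudcontrols.org tooling. The record
fields (ts, user, action) and the seed value are assumptions.
"""
import hashlib
import json
from datetime import datetime

# Constructed sample records, not from a real system.
SAMPLE_RECORDS = [
    {"ts": "2012-06-09T08:00:00", "user": "alice", "action": "login"},
    {"ts": "2012-06-09T08:01:30", "user": "alice", "action": "vm.start"},
    {"ts": "2012-06-09T08:02:10", "user": "bob", "action": "login"},
    {"ts": "2012-06-09T08:05:00", "user": "bob", "action": "firewall.edit"},
    {"ts": "2012-06-09T08:06:45", "user": "alice", "action": "logout"},
]


def _digest(line):
    return hashlib.sha256(line.encode()).hexdigest()


def chain_records(records, seed="genesis"):
    """Seal records in order. Each stored line carries, in its 'prev' field,
    the SHA-256 of the previous stored line, so a later edit or deletion of
    any entry breaks the link held by the entry after it."""
    prev = _digest(seed)
    lines = []
    for rec in records:
        line = json.dumps(dict(rec, prev=prev), sort_keys=True)
        lines.append(line)
        prev = _digest(line)
    return lines


def verify_chain(lines, seed="genesis"):
    """Walk the stored lines and return [(index, problem)] for every entry
    whose 'prev' does not match the digest of its predecessor ("chain break")
    or whose timestamp is earlier than the previous entry's ("timestamp
    regression"). An empty list means the log is intact and monotonic."""
    problems = []
    prev = _digest(seed)
    last_ts = None
    for i, line in enumerate(lines):
        entry = json.loads(line)
        if entry.get("prev") != prev:
            problems.append((i, "chain break"))
        ts = datetime.fromisoformat(entry["ts"])
        if last_ts is not None and ts < last_ts:
            problems.append((i, "timestamp regression"))
        last_ts = ts
        prev = _digest(line)
    return problems


if __name__ == "__main__":
    sealed = chain_records(SAMPLE_RECORDS)
    print("intact:", verify_chain(sealed))
    print("entry 2 deleted:", verify_chain(sealed[:2] + sealed[3:]))
```

The chain catches changes inside the log but not removal of the newest entries, since nothing follows them: periodically copy the latest digest to a store the logging host cannot write to, or forward the sealed lines to a remote collector. An attacker with write access to the whole file can also re-chain it from scratch, so a production deployment should replace the plain SHA-256 link with an HMAC under a key that is not held on the host.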
SECUR-30 Third party personnel inadvertently causing a security breach.
Third party personnel are causing vulnerabilities by not following procedures, following incorrect procedures or being misinformed.
SECUR-31 Third party personnel purposefully causing a security breach.
Third party personnel causing a vulnerability or an unauthorised access situation on purpose.
SECUR-32 New components introduce a security risk
The introduction of new system components may lead to vulnerabilities in the information system.
SECUR-33 Security breach is not spotted
A security incident is not noticed at all, or is seen but mistakenly dismissed as benign (a false negative).
SECUR-34 Accessibility of ports, unnecessary software or weak protocols making breach of the IT infrastructure possible.
Running unnecessary services, open ports or weak protocols on publicly accessible systems provides an attack vector to malicious outsiders.
SECUR-35 Compromise of publicly available information systems.
Publicly available information systems such as wikis or forums are compromised, leading to reputation damage and further security risks.
SECUR-36 Security plans are not properly implemented.
Faulty implementation of security policies results in vulnerabilities.
SECUR-37 Security incident recognition system reports too many false positives.
Too many false positives from the incident recognition management system result in a decreased responsiveness to incidents.
SECUR-38 Important security events in outside world are not spotted.
Outside security developments or threats are missed by the organisation.
SECUR-39 Security vulnerability in provider systems.
A security vulnerability in the provider's information systems leads to compromise.
SECUR-40 Interfacing with third parties is compromised.
The interfacing from the provider information system with third parties is compromised.
SECUR-41 Off site media and equipment posing a security risk.
Equipment or media that is taken off-site are at risk of compromise.
SECUR-42 Poor network design and configuration leading to security vulnerabilities.
Network design and configuration are leaving attack vectors open.
SECUR-43 Poor information system design and configuration leading to security vulnerabilities.
Inadequate design and architecture of information systems leads to security issues, because the security implications are not overseen while the information system is being developed.
SECUR-44 Privileged provider information becoming public knowledge without the provider noticing.
Confidential information regarding configuration, passwords or procedures is leaked to outsiders without the provider noticing.
SECUR-45 Breach of one system leads to breach of multiple systems.
Once access to part of the information system is gained, access to other nodes in the infrastructure is usually easy.
SECUR-46 Incomplete security risk analysis.
Risk analysis is not performed properly and essential security risks are overlooked in the risk analysis phase.
SECUR-47 Provider password storage is compromised. 1.1
Provider password storage is compromised leading to unauthorised access.
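Added example, not Cloudcontrols.org code, for SECUR-47: what provider password storage should look like so that a compromise of the store does not immediately yield the passwords. The weak form (unsalted SHA-256) is shown beside the corrected form (per-user random salt, PBKDF2-HMAC-SHA256, constant-time comparison). The storage string layout and the iteration count are assumptions chosen for the example.

```python
"""Password storage: an unsalted fast hash beside a salted, iterated one.

Added example for this page, not Cloudcontrols.org code. The storage string
layout ('pbkdf2_sha256$iterations$salt$hash') and the iteration count are
assumptions chosen for the example.
"""
import base64
import hashlib
import hmac
import os


def weak_hash(password):
    """The weak form: a single unsalted SHA-256. Identical passwords give
    identical hashes, so one precomputed table cracks every account at once
    and leaked hashes can be compared across users."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password, iterations=200_000):
    """Corrected form: PBKDF2-HMAC-SHA256 with a fresh 16-byte random salt.
    A leaked store must then be attacked one account at a time, and every
    guess costs the full iteration count."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "pbkdf2_sha256${}${}${}".format(
        iterations,
        base64.b64encode(salt).decode(),
        base64.b64encode(dk).decode(),
    )


def verify_password(password, stored):
    """Recompute with the salt and iteration count recorded in the stored
    string, and compare in constant time so response timing does not leak
    how many bytes of the hash matched. Malformed records verify as False."""
    try:
        algo, iterations, salt_b64, dk_b64 = stored.split("$")
        if algo != "pbkdf2_sha256":
            return False
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(dk_b64)
        iterations = int(iterations)
    except (ValueError, TypeError):
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(dk, expected)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print("login ok:", verify_password("correct horse battery staple", record))
    print("wrong pw:", verify_password("Tr0ub4dor&3", record))
```

Because the iteration count travels with each record, it can be raised as hardware gets faster: verify with the old parameters on the next successful login, then re-hash and overwrite the record with the new count.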
SECUR-48 Connection between employees working externally and the network is compromised. 1.1
Connection between employees working externally and the network is compromised leading to unauthorised access.
SECUR-49 Privilege breach 1.1
An unauthorised person gains access to the IT infrastructure on purpose.

Legal Risks

LEGAL-01 Subpoena and e-discovery
Customer data and services are subpoenaed or subjected to a cease and desist request from authorities or third parties.
LEGAL-02 Risk from changes in jurisdiction
Change in jurisdiction of the data leads to the risk the data or information system is blocked or impounded by a government or other organisation.
LEGAL-03 Data protection risks
Cloud provider failure to comply with data protection laws and SLA-agreements can lead to breaches of law and regulations.
LEGAL-04 Change of law, jurisprudence or regulation.
Change of law, jurisprudence or regulation resulting in extra costs or risks for both the client and the service organisation.
LEGAL-05 Change in government policy towards basic rights or corruption
Change in government policy towards property right, privacy or a government corruption threatens the service the provider can deliver.
LEGAL-06 Data disposal policy or practice resulting in breach of law. 1.1
Data disposal policy or practice of the cloud provider resulting in breach of law.

Outsourcing risks

OUTSRC-01 Supplier Lock-in
Technical and contractual difficulties prevent the customer from moving to another cloud provider. This results in a poor negotiating position and in additional risk if the service is compromised in any way.
OUTSRC-02 Mismatch between SLA and delivery.
Cloud provider internal miscommunication causes mismatch between SLA and delivery.
OUTSRC-03 Conflicts between customer hardening procedures and cloud environment
A lack of clarity about the cloud provider's hardening procedures leads to blind spots or limitations in the customer infrastructure.
OUTSRC-04 Licensing risks (related to ownership of customer data and software)
The customer must retain ownership of its software assets and data located within the cloud provider environment; unclear licensing terms put that ownership at risk.
OUTSRC-05 Cloud provider suspends service.
A customer service is suspended or throttled by cloud provider.
OUTSRC-06 Unavailability of operational information.
The customer does not receive the proper operational information regarding their IT infrastructure.
OUTSRC-07 Unavailability of data on SLA achievement
Data on SLA achievement is not available, so the customer cannot verify the delivered results.
OUTSRC-08 Compliance challenges
Lack of information makes it difficult to assess compliance with law, certification and standards.
OUTSRC-09 Cloud provider termination.
The cloud provider has to terminate the service because of financial or legal reasons.
OUTSRC-10 The involvement of multiple parties leads to confused access rights.
The involvement of multiple parties lead to a loss of control due to mismanaged access rights.
OUTSRC-11 Cloud provider is restricted by procedures.
Cloud provider lacks the flexibility in its procedures to deal with security and performance problems.
OUTSRC-12 Financial transactions are compromised
Financial transactions between customer and cloud provider are compromised causing financial damage or disruption of service.
OUTSRC-13 Customer account data is lost because of storage failure
Provider storage failure leads to destruction of important customer account data.
OUTSRC-14 Economic Denial of Service
Malicious customer employee abuses access rights to procure significant capacity or deprovision services.
OUTSRC-15 Cloud provider technology and SLA terms deviate from industry standards.
Cloud provider technology, standards and SLA terms do not follow industry standards.
OUTSRC-16 Customer SLA lacks clarity.
The definitions in the customer SLA are not clear enough leading to disputes regarding SLA performance.
OUTSRC-17 Cloud provider breaches quality standard.
Provider does not follow its internal procedures, quality standards and guidelines.
OUTSRC-18 SLA Changes
Provider initiated changes to the SLA alters the quality of service.
OUTSRC-19 Customer SLA Breach by provider.
Terms of the customer SLA are breached by the provider.
OUTSRC-20 Business Model change
A change in cloud provider strategy prompts a deterioration of the service.
OUTSRC-21 Cloud provider terminates contract
The cloud provider terminates customer services with or without notice leading to a loss of service.
OUTSRC-22 Cloud provider dealing with customer legal situations.
The cloud provider will be dealing with legal situations like subpoenas and cease and desist requests on behalf of the customer.
OUTSRC-23 Cloud provider holding customer (account) data (privacy issue)
Cloud provider neglecting its responsibilities with respect to customer privacy.
OUTSRC-24 Reputation cloud provider and its suppliers
A loss of reputation of the cloud provider or its suppliers leads to a loss of business reputation for the customer.
OUTSRC-25 Cloud provider breach of law
A breach of law by the cloud provider leading to a loss of customer reputation or a service interruption.
OUTSRC-26 Data jurisdiction is not controlled by customer.
Uncontrolled change in jurisdiction of customer data leads to the risk the data is blocked or impounded by a government or other organisation.
OUTSRC-27 Access to support is restricted.
The customer cannot obtain the required level of support from the provider. The service support organisation is restricted by unreasonable timeframes or does not provide the required support on request.
OUTSRC-28 Lack of information on outages and maintenance.
Lack of information on outages and maintenance making client infrastructure management more difficult.
OUTSRC-29 Cloud provider supplier SLA does not match customer SLA 1.1
Cloud provider supplier SLA does not match customer SLA resulting in customer SLA being breached.
OUTSRC-30 Extreme provisioning patterns because of faulty customer side software. 1.1
Extreme provisioning patterns because of faulty customer side software result in a loss of cost control.
OUTSRC-31 Lack of information regarding resource usage. 1.1
Lack of information regarding resource usage leading to a loss of cost control.
OUTSRC-32 Lack of clarity about used resources. 1.1
The used and billed resources are difficult to evaluate for the customer.
OUTSRC-33 Dishonest or faulty resource reporting. 1.1
Dishonest or faulty resource reporting by cloud provider leading to overreporting of used resources.
OUTSRC-34 Cloud provider failure to pay supplier. 1.1
Cloud provider failure to pay a supplier leads to service interruption or data loss.
OUTSRC-35 Access rights of customer employees are difficult to change. 1.1
Access rights of customer employees in the customer interface are difficult to manage.
OUTSRC-36 Customer interface accounts used by multiple people making accountability and authorisation difficult. 1.1
Multiple customer employees using the customer interface makes individual accountability and authorisation difficult.
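Added example, not part of the original risk list, serving SECUR-03 and OUTSRC-36 together: an access review over customer-interface login records that flags accounts still logging in after they should have been deprovisioned, and accounts used from more than one source address within a short window, the usual trace of a shared account. The log format, roster and window are assumptions, and the log lines are constructed.

```python
"""Access review of a customer-interface login log.

Added example for this page, not Cloudcontrols.org tooling. The log format
(ISO timestamp, user=, src=, event= fields), the staff roster and the window
are assumptions. Two findings are produced: logins by accounts that are no
longer on the roster (incomplete deprovisioning, SECUR-03) and accounts that
log in from several source addresses within the window (shared account,
OUTSRC-36).
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data, not from a real system. "jdoe" has left the
# company; "ops-admin" is used by two people at once; "bob" works from two
# locations hours apart, which is normal.
CURRENT_STAFF = {"alice", "bob", "ops-admin"}

SAMPLE_LOG = """\
2012-06-09T09:00:12 user=alice src=10.0.0.5 event=login
2012-06-09T09:02:40 user=ops-admin src=10.0.0.5 event=login
2012-06-09T09:03:15 user=ops-admin src=10.0.0.9 event=login
2012-06-09T09:10:00 user=jdoe src=198.51.100.23 event=login
2012-06-09T09:12:30 user=bob src=10.0.0.7 event=login
2012-06-09T09:12:31 user=bob src=10.0.0.7 event=vm.list
2012-06-09T13:45:00 user=bob src=10.0.1.20 event=login
""".splitlines()


def parse_line(line):
    """Split one log line into (timestamp, user, src, event)."""
    ts_str, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts_str), kv["user"], kv["src"], kv["event"]


def review_access(lines, roster, window_seconds=600):
    """Return {"stale_accounts": set, "shared_accounts": {user: srcs}}.
    A stale account is any account that logged in but is not on the roster.
    A shared account is any account with logins from more than one source
    address inside `window_seconds`."""
    window = timedelta(seconds=window_seconds)
    logins = defaultdict(list)  # user -> [(ts, src)]
    for line in lines:
        if not line.strip():
            continue
        ts, user, src, event = parse_line(line)
        if event == "login":
            logins[user].append((ts, src))

    stale = {user for user in logins if user not in roster}

    shared = {}
    for user, evs in logins.items():
        evs.sort()
        # Sliding window over each user's logins in time order.
        for i, (t0, _) in enumerate(evs):
            srcs = {s for t, s in evs[i:] if t - t0 <= window}
            if len(srcs) > 1:
                shared[user] = srcs
                break
    return {"stale_accounts": stale, "shared_accounts": shared}


if __name__ == "__main__":
    findings = review_access(SAMPLE_LOG, CURRENT_STAFF)
    print("logins by deprovisioned accounts:", sorted(findings["stale_accounts"]))
    for user, srcs in findings["shared_accounts"].items():
        print(f"probable shared account {user}: {sorted(srcs)}")
```

The roster is the authoritative input here; in practice it comes from the HR or identity system, and the review is worth running on a schedule rather than once, since SECUR-03 is about access that lingers after an offboarding that already happened.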
OUTSRC-37 Customer failure to pay cloud provider. 1.1
Customer failure to pay the cloud provider leads to service interruption or data loss.
OUTSRC-38 Unavailability of information on standard compliance. 1.1
Customers do not have enough information to evaluate compliance with the quality standards the provider is committed to.
OUTSRC-39 Customer loss of control regarding maintenance windows. 1.1
Customer loss of control regarding maintenance windows leading to inconvenient downtime.
OUTSRC-40 Lack of control about technological changes. 1.1
Lack of control about technological changes could lead to integration issues.
OUTSRC-41 Data retention policies do not match laws. 1.1
Data retention policies of the cloud provider result in a breach of law.
OUTSRC-42 Encryption technologies are not disclosed resulting in customer breach of law. 1.1
Encryption technologies and policies are not disclosed resulting in customer breach of law.
OUTSRC-43 Privacy breach by cloud provider personnel. 1.1
Cloud provider personnel gain access to confidential data in the customer environment, resulting in a breach of the customer's privacy obligations.
OUTSRC-44 Malicious cloud provider employee. 1.1
A malicious cloud provider employee gains unauthorised access or uses authorised access with malicious intent.
OUTSRC-45 Unavailability of management information.
The customer does not have the proper management information regarding their IT infrastructure.

Co-tenancy Risks

TENAN-01 Co-tenant activities result in technical restrictions
Co-tenant activities that pose an inconvenience or are a threat to third parties can result in technical restrictions for the customer.
TENAN-02 Loss of business reputation due to co-tenant activities
Activities of co-tenants damage the customer's reputation. Shared aspects of co-tenancy such as IP address ranges might imply a relationship between the tenants' activities.
TENAN-03 Isolation failure (network level)
A co-tenant purposely or accidentally gains access to the resources of another customer by intercepting network traffic.
TENAN-04 Subpoena of co-tenant leads to critical hardware being impounded.
A subpoena request targeting another customer impounds hardware critical to the customers’ services.
TENAN-05 Over-usage of shared resources by certain clients.
Over-usage of shared resources by one or more other customers threaten services of other customers.
TENAN-09 Intercepting or modifying data in transit (within cloud/network)
Customer or provider data traversing the cloud is intercepted by another customer or third party. Virtualized environments or the network infrastructure might have vulnerabilities which allow snooping or even modification of data.
TENAN-10 Multiple customers simultaneously peak processing. 1.1
Multiple customers peaking in processing at the same time leads to resource exhaustion.
TENAN-11 Cloud provider is attacked because it is a large target. 1.1
Cloud provider might make for a more attractive target for attacks because it hosts a large number of customers.
TENAN-14 Compromised Hypervisor (separation of customers)
Vulnerability in hypervisor leads to unauthorized access from one virtual machine to another.
TENAN-15 Isolation failure in the storage.
Vulnerability in the storage layer leads to unauthorised access. If data partitions are not isolated properly, customers can access co-tenant data.

Virtualisation Risk

XLS-VIRT01 Attacks on the virtual infrastructure from the outside of the network. 1.1
Attacks on the virtual infrastructure from the outside of the network leading to unauthorised access.
XLS-VIRT02 Lacking policies relating to dormant virtual machines and snapshots. 1.1
Insufficient oversight relating to dormant virtual machines and snapshots resulting in security risks.
XLS-VIRT03 Hypervisor Failure
Errors in hypervisor software disrupt service or data integrity. Virtualization and multi-tenancy are the basis of cloud computing but can also introduce risks.