Security company Fortify Software used this summer's DEF CON 2010 conference to survey 100 professional hackers on the state of cloud security. An overwhelming 96 percent of those surveyed believe that cloud vendors as being generally negligent when it comes to addressing the security issues affecting their services.
Breaking down the survey responses, 21 percent believe that Software-as-a-Service (SaaS) cloud systems are viewed as being the most vulnerable, with 33 percent of the hackers having discovered public DNS vulnerabilities, followed by log files (16 percent) and communication profiles (12 percent) in their cloud travels.
DEF CON has evolved considerably since the first event was held back in 1993. Today this "hacker festival" attracts up to 8,500 of the world's top professional hackers and IT security researchers. "Anecdotal evidence suggests this year's Las Vegas event was even more successful, meaning that our survey results highlight the very real security challenges that lie ahead for cloud vendors and security defense professionals," said Barmak Meftah, chief products officer with Fortify Software.
"More than anything, this research confirms our ongoing observations that cloud vendors -- as well as the IT software industry as a whole -- need to redouble their governance and security assurance strategies when developing solutions, whether cloud-based or not, as all IT systems will eventually have to support a cloud resource," he added.