New tests reveal ongoing failings with cloud security

Security failings with cloud services have again been highlighted, and a security company has warned that businesses need to be more "vigilant".

With more businesses using cloud storage services to hold not only business but customer data as well, the Information Commissioner's Office (ICO) issued a warning in September about cloud security.

Read more: Cloud storage news | Cloud storage services

Now tests of "five common cloud providers", conducted by Stratsec, a subsidiary of BAE Systems, showed each of the companies' services had security failings.

The security consultancy firm said: "The results of the experiment showed that no connections were reset or terminated when transmitting inbound and outbound malicious traffic, no alerts were raised to the owner of the accounts, and no restrictions were placed on the [virtual machines used to perpetrate the attacks]."

To test the security of these companies, the researchers subscribed to each provider and then set up a 'botCloud' network. From this network it launched a number of test cyber-attacks on mock "victim hosts"; including denial-of-service attacks against the 'hosts' to disrupt services, as well as subjecting them to malicious software traffic which hackers sometimes use to steal information.

The consultancy setting up this ‘botCloud' was "relatively easy and cheap", required "significantly less time to build" and was more "reliable" than a "traditional botnet".

It added companies must ensure any cloud service it uses as a high end firewall and intrusion detection system.

"For organisations seeking to host their services on the cloud, if you have a mature technical security capability with your on-site solutions, you may find higher likelihood of compromise, reduced likelihood of notification attack and possible difficulties in investigation and response when you move toward Cloud hosted services," Stratsec said.