1 research outputs found
Systemic Risk and Vulnerability Analysis of Multi-cloud Environments
With the increasing use of multi-cloud environments, security professionals
face challenges in configuration, management, and integration due to uneven
security capabilities and features among providers. As a result, a fragmented
approach toward security has been observed, leading to new attack vectors and
potential vulnerabilities. Other research has focused on single-cloud platforms
or specific applications of multi-cloud environments. Therefore, there is a
need for a holistic security and vulnerability assessment and defense strategy
that applies to multi-cloud platforms. We perform a risk and vulnerability
analysis to identify attack vectors from software, hardware, and the network,
as well as interoperability security issues in multi-cloud environments.
Applying the STRIDE and DREAD threat modeling methods, we present an analysis
of the ecosystem across six attack vectors: cloud architecture, APIs,
authentication, automation, management differences, and cybersecurity
legislation. We quantitatively determine and rank the threats in multi-cloud
environments and suggest mitigation strategies.Comment: 27 pages, 9 figure