Cloud Security Alliance and HP Identify Top Cloud Security Threats in New Research Report

San Francisco, CA – March 1, 2010 (RSA Conference) – The Cloud Security Alliance (CSA) and HP (NYSE: HPQ) today announced new research findings that detail the potential threats surrounding the use of cloud services. The research, commissioned by HP, was designed to help companies understand current and future threats, and to provide remediation strategies to ensure that business processes as well as data remain secured in the cloud. The peer-reviewed research paper, entitled “Top Threats to Cloud Computing Report,” is the result of a broad examination of information security experts across 29 enterprises, solution providers, and consulting firms exposed to some of the world’s most demanding and complex cloud environments. Key findings from the report will be presented today at the Cloud Security Summit at the RSA conference. Organizations are rapidly adopting cloud services, even as security is cited as the number one barrier to adoption. The research was conducted to provide cloud clients with greater visibility into specific security threats relevant to cloud services in order to more accurately assess the risks and benefits of cloud adoption strategies. This research complements the CSA’s flagship Security Guidance for Critical Areas of Focus, which provides advice on best practices. “Cloud services are clearly the next generation of information technology that enterprises must master. We have a shared responsibility to understand the security threats that accompany the cloud and apply the necessary best practices to mitigate them,” said Jim Reavis, founder of the Cloud Security Alliance. “The objective of this report was to not only identify those threats which are most germane to IT organizations but also help organizations understand how to proactively protect themselves. This is the first deliverable in our cloud threat research initiative, which will feature regular updates to reflect participation from a greater number of experts and to keep pace with the dynamic nature of new threats.” The research identifies the vulnerabilities that threaten to hinder cloud service offerings from reaching their full potential. For example, companies must be aware of “abuse and nefarious use of cloud computing,” which includes exploits such as the Zeus botnet and InfoStealing trojan horses, malicious software that has proven especially effective in compromising sensitive private resources in cloud environments. However, not all of the threats in this category are rooted in malicious intent. As the social Web evolves, more sites are relying on application programming interfaces (APIs), a set of operations that enable interaction between software programs, to present data from disparate sources. Sites that rely on multiple APIs often suffer from the “weakest link security” in which one insecure API can adversely affect a larger set of participants. Together, these threats comprise a combination of existing vulnerabilities that are magnified in severity in cloud environments as well as new, cloud-specific techniques that put data and systems at risk. Additional threats outlined in the research include: * Malicious Insiders * Shared Technology Vulnerabilities * Data Loss/Leakage * Account/Service and Traffic Hijacking As a member of the CSA, HP sponsored the research to educate companies about potential cloud service threats so they can enact best practices. In addition, HP offers an integrated security portfolio that consists of products, consulting, training and managed services designed to reduce cloud complexity as well as mitigate risk. “In order to mitigate the business risk associated with the cloud, companies must invest the time and resources to properly secure their data center assets,” said CSA committee member Archie Reed, chief technologist for cloud security, Secure Advantage, HP. “HP’s comprehensive security portfolio includes hardware, software and dedicated consulting services that are designed to help organizations reduce data breach within this space.” The full report will be made available on the CSA website following the conference and can be downloaded at

https://cloudsecurityalliance.org/research/projects/top-threats-to-cloud-computing/. To learn more, visit www.hp.com/go/cloudsecurity to watch a video from HP and CSA on the top cloud security threats. About HP HP creates new possibilities for technology to have a meaningful impact on people, businesses, governments and society. The world’s largest technology company, HP brings together a portfolio that spans printing, personal computing, software, services and IT infrastructure to solve customer problems. More information about HP (NYSE: HPQ) is available at http://www.hp.com. Novell is a registered trademark of Novell, Inc. in the United States and other countries. *All third-party trademarks are the property of their respective owners.

About Cloud Security Alliance The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by industry practitioners and supported by more than 25 corporate members. For further information, the Cloud Security Alliance website is www.cloudsecurityalliance.org.

Press Contacts Dayna Fried, HP [email protected] 949-422-7206 Robert Nachbar ZAG Communications for the Cloud Security Alliance 206.427.0389 [email protected]