While the focus on security is on attacks from the outside world, many attacks will occur within clouds -- by insiders Many IT managers are not moving to the cloud due to security concerns. I suspect they’re envisioning a group of Eastern Bloc hackers in a one-room apartment attacking their cloud providers and stealing their data. While I’m sure that does indeed go on, the true threat around cloud computing security issues are going to come from within the cloud.The more common issues will be around those who have been trusted with cloud computing access and who walk off with data, typically before resigning or being fired. While this occurs all of the time now with the advent of cheap USB thumb drives, the cloud makes it a bit easier, considering that employees with access to cloud-based resources have access to large amounts of typically sensitive data from anywhere in the world.The only way to defend against this, other than doing a good background check, is to make sure that no single user has access to all of the data in a downloadable format. This includes limiting use of the data-oriented APIs provided by the cloud computing provider to only a few authorized and trusted people. The larger issue around cloud computing is the fact that while many clouds are set up to defend against those looking to hack directly into a server instance or instances from the outside, many attacks will occur between instances. This typically means they are exploiting issues with core cloud computing components, such as the hypervisor, to attack across virtual machines.This was the case in a recent study that showed how potential hackers could use a side-channel attack to reach across virtual machines to do fun things such as gather passwords. The researchers demonstrated that a virtual machine sitting on the same physical server as a target VM could monitor shared resources on the server to make highly educated inferences about the target VM.The core issue here is the levels of trust. Many cloud computing providers trust their customers, and each customer is physically commingling its data with data from anybody else using the cloud. While logically and virtually you have your own space, the way that the cloud provider implements security is typically focused on they fact that those outside of their cloud are evil, and those inside are good. But what if those inside are also evil? Cloud computing providers are evolving their security strategies to meet these new challenges, and I wouldn’t get worked up about these issues and use them as an excuse not to leverage cloud computing. It’s just something that you need to be aware of and take precautions to make sure your data and business processes are safe.This article, “Afraid of outside cloud attacks? You’re missing the real threat,” was originally published at InfoWorld.com. Read more of David Linthicum’s Cloud Computing blog and follow the latest developments in cloud computing at InfoWorld.com. Cloud ComputingHacking