Cloud service providers are constantly looking for ways to increase revenue and reduce costs either by reducing capacity requirements or by supporting more users without adding capacity. Over-commit of physical resources, without adding more capacity, is one such approach. Workloads that tend to be 'peaky' are especially attractive targets for over-commit since only occasionally such workloads use all the system resources that they are entitled to. Online identification of candidate workloads and quantification of risks are two key issues associated with over-committing resources. In this paper, to estimate the risks associated with over-commit, we describe a mechanism based on the statistical analysis of the aggregate resource usage behavior of a group of workloads. Using CPU usage data collected from an internal private Cloud, we show that our proposed approach is effective and practical. © 2012 IEEE.