An Amazon employee in one of the cloud provider's data centers went to manually enter a shutdown code to help fix a slowdown issue in their systems. The code was entered incorrectly, which caused a significantly larger amount of the cloud platform to shut down than was originally intended. Companies with programs that relied on the affected systems experienced a data pile-up that resulted in storage delays, further impacting program efficiency for many cloud users.
Amazon took full responsibility for the human-caused error in their services, but their error exemplifies the risks behind cloud computing that companies take on. It is believed that part of the reason hackers were able to infiltrate the Equifax data cloud in was because IT employees responsible for dealing with the system issues prioritized other projects before dealing with the threatened security measures.
Whether they underestimated the severity of the flaw in the system, or they just had too much else on their plate that week, waiting to focus on the issue further extended the damage of the hack, exploiting information from million Americans, and hurting company efficiency and reputation.
Misprioritization can affect both the cloud provider and the user of the cloud services, making it a cloud computing vulnerability that all those related to cloud security should consider.
Besides the three human-caused cloud computing vulnerabilities described above, there are other common threats to cloud systems that companies and providers should consider. Does your organization have measures in place to protect from cloud computing vulnerabilities? Have you taken into account the human-caused security breaches that have already left huge impacts on industry leaders?
Learn more about how to manage your cloud risk and regulation with BitSight. I co-founded BitSight in with my friend and grad school classmate, Nagarjuna Venna. When I think back at our original idea of creating a global In IaaS and PaaS models, the application belongs to the cloud consumer. As a general guideline, companies should consider the possible use of cloud services during the design and development of new company-specific applications and apply appropriate security measures.
Cloud consumers must always ensure the security of the endpoints that are used to access cloud services. In the SaaS model, this is the only responsibility of the cloud consumer regarding infrastructure security.
With IaaS, the cloud user is responsible for network security and, if necessary, communication encryption. In PaaS and SaaS, this accountability is transferred from the cloud consumer to the provider, since the provider has the appropriate security technologies in place. Meanwhile, the provider must ensure the physical security of the cloud system. Security technologies do not necessarily have to take the form of tools, or be developed and operated in a customer-oriented infrastructure.
Cloud providers also offer services for various IT security levels, such as identity and access management. Cloud providers can help organizations comply with security guidelines and regulations through appropriate certifications such as SOC-2, COBIT and more. These standards require security controls to be built in during the development of cloud applications, effective access management, regular vulnerability and security checks, compliance verification and penetration testing.
When using cloud services, you should implement all the same security measures you would apply to classic IT infrastructures. Since IT resources are also used in cloud systems, the previously described security objectives have to be addressed with regard to people, information, applications and infrastructure. It is equally crucial to determine who controls the various components of the cloud infrastructure. The security gaps not addressed by SaaS vendors include: preventing data exposure through improper sharing and preventing threat insertion and distribution.
To compensate for what cloud vendors do not secure, an organization must have the right tools in place to effectively manage and secure risks to keep data secure. These tools must provide visibility into activity within the SaaS application, detailed analytics on usage to prevent data risk and compliance violations, context-aware policy controls to drive enforcement and quarantine if a violation occurs, real-time threat intelligence on known threats, and the ability to detect unknown threats to prevent new malware insertion points.
By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. Cloud Computing Aperture cloud security SaaS. Responsibility Breakdown There are two ways to think about this responsibility divide. However, depending on the cloud infrastructure — private, public or SaaS — responsibility varies between the cloud vendor and organization: Private — In private clouds, enterprises are responsible for all aspects of security for the cloud because it is hosted within their own data centers.
Get updates! Sign up to receive the latest news.
0コメント