Cloud

How & Why Cloud Security Will Empower Users

50%
50%

Dramatic growth in cloud computing means big changes for enterprises of all sizes and in all markets this year. Bill Kleyman explains why that’s a good thing.

Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
Bill Kleyman
50%
50%
Bill Kleyman,
User Rank: Apprentice
1/27/2014 | 10:48:24 AM
Re: Biggest gotchas for empowering users in cloud?
@Marilyn - There's good news and bad news. Organizations can be proactive and deploy best practices around their cloud and infrastructure security environment.

The bad news is that bad guys are usually not far behind -- and in many cases ahead. In creating a good security platform, there are several things to consider. Compliance and regulation aside, some of the biggest mistakes I've seen revolve around lapsed policies, reactive thinking, and no security testing.

Honestly, it's the little things that can hurt a business. Forgetting to renew an SSL cert, leaving a port open, or not having proper security services running internally. Also, checking your sources helps a lot as well. Let me give you an example, a friend of mine ran an experiment as a part of some research he was working on. He built an Amazon Machine Image (AMI) of a popular penetration testing platform -- which was previously unavailable on EC2. One of his additions to the AMI was a backdoor which would basically just communicate back to his own server, indicating that somebody had turned on his backdoored instance. He could have just as easily built a reverse shell into the image. This basically comes back around to the discussion of data security, as all of your encryption keys, VPN configurations, and potentially passwords are protected by unknown controls, which are of unknown resiliency.

In creating the optimal security platform, consider best practices and also consider the target. This also means constant testing and log keeping. There are a lot of proactive things you can do around security that will certainly help.
Marilyn Cohodas
100%
0%
Marilyn Cohodas,
User Rank: Strategist
1/27/2014 | 10:11:03 AM
Biggest gotchas for empowering users in cloud?
Hi Bill. Can you elaborate on what organizations need to do to optimize user security in the evolving cloud infrastructure? In your work with customers, what are the biggest mistakes you've seen IT departments and CSPs make?
CHIRSCHMAN1337
50%
50%
CHIRSCHMAN1337,
User Rank: Apprentice
1/27/2014 | 9:55:14 AM
RSS feeds
Please indicate that content is video in RSS feeds!
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-2977
Published: 2015-07-29
Webservice-DIC yoyaku_v41 allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via unspecified vectors.

CVE-2015-2978
Published: 2015-07-29
Webservice-DIC yoyaku_v41 allows remote attackers to bypass authentication and complete a conference-room reservation via unspecified vectors, as demonstrated by an "unintentional reservation."

CVE-2015-2979
Published: 2015-07-29
Webservice-DIC yoyaku_v41 allows remote attackers to execute arbitrary OS commands via unspecified vectors.

CVE-2015-4286
Published: 2015-07-29
The web framework in Cisco UCS Central Software 1.3(0.99) allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377.

CVE-2015-4290
Published: 2015-07-29
The kernel extension in Cisco AnyConnect Secure Mobility Client 4.0(2049) on OS X allows local users to cause a denial of service (panic) via vectors involving contiguous memory locations, aka Bug ID CSCut12255.

Dark Reading Radio
Archived Dark Reading Radio
What’s the future of the venerable firewall? We’ve invited two security industry leaders to make their case: Join us and bring your questions and opinions!