Cloud

11/21/2014
02:05 PM
Connect Directly
Twitter
Twitter
RSS
E-Mail

Cloud Security By The Numbers

Quantifying the perceptions around cloud security practices.
2 of 10

Security Still Trumps All Other Concerns
According to a recent Informationweek Reports survey, security and data resiliency issues make up four of the top 10 concerns held by IT over cloud adoption. And sitting atop that list is the concern of security defects in the cloud technology itself.
Source: InformationWeek

According to a recent Informationweek Reports survey, security and data resiliency issues make up four of the top 10 concerns held by IT over cloud adoption. And sitting atop that list is the concern of security defects in the cloud technology itself.

Source: InformationWeek

2 of 10
Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
DmitriS346
50%
50%
DmitriS346,
User Rank: Apprentice
11/27/2014 | 12:52:41 AM
Re: Is the cloud really less secure?
There are different clouds out there. Not sure which cloud is discussed here.

"They also manage more uniform environments, leaving them with less detail to track."

and that means a few things:

1) Uniform means attack on one part of infrastructure that is successfull, is sucessfull attack on all part of it, since it can be reused.

2) Less options for security. That's right. If I am full scale paranoid, I can't use all means available for me to protect my users, including from themselves.



3) Restoration of data.

Oh yeah, this is a sweet one. If only one customer, specifically me has been badly affected, due to non cloud issues, there is not much I can do to restore data. I am at will of cloud provider here And will says NO. As it's not economically feaseble to restore file or two.

I have refused restoring those files myself. Just for record, I worked for cloud provider myself. For two of them actually. I was sacked from last one. Though it's entirely different story.

And remember, policy of any company is not trueth, but profit. Especially when any kind of outsourcing is involved. I know that, as I worked for a few.

To add to minuses of cloud. They will hapilly assist you to migrate to them, but not from them. And it may be hughe pain in the butt later.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
11/24/2014 | 8:17:28 PM
Re: Is the cloud really less secure?
I see your point. We may be better of being on Microsoft Azure platform than Target's POS system. Clots solution tend to have standard level of security otherwise they could not sell the service to the public.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
11/24/2014 | 8:15:10 PM
Re: Is the cloud really less secure?
I mainly agree. All the security concerns will go away if we just encrypt data at rest.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
11/24/2014 | 8:05:01 PM
Cloud is more secure
I think I am in one of these slides, I tend to think cloud is more secure when I start thinking security measures, or lack of it, that lots of SME are using. Cloud provides a certain level of security by default.
ODA155
50%
50%
ODA155,
User Rank: Ninja
11/24/2014 | 11:00:26 AM
Re: Is the cloud really less secure?
@Marilyn Cohodas, "But the issues of  security of the data remains the same regardless of who owns the servers and where they are located.". That is absolutley correct, but from every security professional that I know, when this topic comes up for discussion, inside thier companies, it's never about security, it's about providing some type of functionality or solution that does not already exist internally or treating that "cloud" as an appendage to their own networks because it's faster and cheaper than building, managing and maintaining your own.

My company for example, would rather put a service in the cloud\outsource (that's what it really is, rebranded outsourcing) rather than hire a professional inhouse to do exactly what we need, you settle for what the provider can\will offer.  If we don't already have someone who has the skills the rule is send it to the cloud, and that is about $$$, not security, I wish it were. And what happens when you have people so overloaded with responsibilities that they really shouldn't mix with outher responsibilities... If a company were as willing to invest in securing their internal network as they are in trying to get everything into a cloud, then you wouldn't see so many of these data breaches, I know this is a streach, but I would be surprised if some companies haven't used Target, Home Depot and others as reasoning to move to a cloud for what ever it is the need.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
11/24/2014 | 10:22:32 AM
Re: Is the cloud really less secure?
@ODA155, you make an interesting point about "the cloud" being "just another infrastructure that holds data." The metaphor gives the public the sense that "cloud" is somehow vastly different than  a bricks and mortar DC. And perhaps it is, for  most companies outside of Netflix, Google, Apple, and FB etc, in terms of scale. But the issues of  security of the data remains the same regardless of who owns the servers and where they are located.  
ODA155
50%
50%
ODA155,
User Rank: Ninja
11/23/2014 | 11:41:48 PM
Re: Is the cloud really less secure?
Does it really matter... "the cloud" is just another infrastructure that holds data for other people that you HOPE has been designed properly w\security in mind. And just because you think you've transfered the risk on to the cloud provider, guess what, it's still your data or your customers data and you're still responsible for it. Cloud services need services provided the same as Target and Home Depot, maybe not the same services, but services none the less. Lastley, you can call it what you want or you can do as Apple did and blame the customer, but Apples cloud was breached and it will happen again.
Charlie Babcock
50%
50%
Charlie Babcock,
User Rank: Ninja
11/21/2014 | 8:12:05 PM
Is the cloud really less secure?
I'm looking for the 51% majority that believes sending data to the cloud increases the risk of a breach to flip the other way. Soon a narrow majority will say the cloud is safer than their own premises. The Target breach and other recent breaches have been enterprise system intrusions, not cloud breaches. And a large successful cloud operation like Microsoft, SoftLayer or Amazon can devote more resources to security than most enterprises can. They also manage more uniform environments, leaving them with less detail to track.
12 Free, Ready-to-Use Security Tools
Steve Zurier, Freelance Writer,  10/12/2018
Most IT Security Pros Want to Change Jobs
Dark Reading Staff 10/12/2018
6 Security Trends for 2018/2019
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/15/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10839
PUBLISHED: 2018-10-16
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
CVE-2018-13399
PUBLISHED: 2018-10-16
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
CVE-2018-18381
PUBLISHED: 2018-10-16
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
CVE-2018-18382
PUBLISHED: 2018-10-16
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
CVE-2018-18374
PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.