Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

3/5/2018
05:00 PM
Kelly Sheridan
Kelly Sheridan
Slideshows
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

6 Questions to Ask Your Cloud Provider Right Now

Experts share the security-focused issues all businesses should explore when researching and using cloud services.
Previous
1 of 7
Next

(Image: ra2studio via Shutterstock)

(Image: ra2studio via Shutterstock)

The cloud is fairly new territory for many organizations and, consequently, it’s an area where mistakes are made stemming from confusion around the role cloud service providers play in security, and how companies should work with them.

"Organizations looking to host their data in cloud service providers have the best intentions in mind, and the clients I speak with are looking at security as being a key motivator," says Mark Judd, research analyst at Gartner's Research Analyst Lab.

But, Judd says, many businesses are in the mindset of thinking that because major players like Amazon and Microsoft have not been directly compromised, any data they put in those companies' cloud environments will automatically be secure. The problem is, security works both ways.

"They neglect to realize that moving into a cloud does not automatically make their data secure, but requires an understanding of the shared responsibility in regards to security controls between the organization and the cloud provider," Judd explains.

Andrei Florescu, group product manager for datacenter at Bitdefender, observes that enterprise responsibility for cloud security varies from function to function, depending on whether you're buying Infrastructure-as-a-Service, Platform-as-a-Service, or Software-as-a-Service.

Renting instances in Amazon Web Services will involve different responsibility from buying Office 365, he says, adding that "customers should spend a bit of time understanding the type of service they're consuming from cloud providers, and understanding the security model of whatever it is they're consuming." 

Misconceptions around the responsibilities of cloud service providers and their customers in securing data can put information at risk. Here, cloud experts share the security-focused questions all businesses should be asking when researching and using cloud services.

 

 Black Hat Asia returns to Singapore with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier solutions and service providers in the Business Hall. Click for information on the conference and to register.

 

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio
 

Recommended Reading:

Previous
1 of 7
Next
Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-29763
PUBLISHED: 2021-09-16
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 under very specific conditions, could allow a local user to keep running a procedure that could cause the system to run out of memory.and cause a denial of service. IBM X-Force ID: 202267.
CVE-2021-29825
PUBLISHED: 2021-09-16
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. IBM X-Force ID: 204470.
CVE-2021-29842
PUBLISHED: 2021-09-16
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 205202.
CVE-2021-29752
PUBLISHED: 2021-09-16
IBM Db2 11.2 and 11.5 contains an information disclosure vulnerability, exposing remote storage credentials to privileged users under specific conditions. IBM X-Fporce ID: 201780.
CVE-2021-34798
PUBLISHED: 2021-09-16
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.