Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

11/21/2014
02:05 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Cloud Security By The Numbers

Quantifying the perceptions around cloud security practices.
Previous
1 of 10
Next

As IT executives and business leaders finally get their arms around analyses of the business opportunities versus the security risks of cloud adoption, the industry is increasingly quantifying the friction between the two. We've put together some numbers to show perception over some of the hot-button issues, as well as current progress toward smoothing the way for secure cloud transformations.

 

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading. 
View Full Bio

Previous
1 of 10
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
DmitriS346
50%
50%
DmitriS346,
User Rank: Apprentice
11/27/2014 | 12:52:41 AM
Re: Is the cloud really less secure?
There are different clouds out there. Not sure which cloud is discussed here.

"They also manage more uniform environments, leaving them with less detail to track."

and that means a few things:

1) Uniform means attack on one part of infrastructure that is successfull, is sucessfull attack on all part of it, since it can be reused.

2) Less options for security. That's right. If I am full scale paranoid, I can't use all means available for me to protect my users, including from themselves.



3) Restoration of data.

Oh yeah, this is a sweet one. If only one customer, specifically me has been badly affected, due to non cloud issues, there is not much I can do to restore data. I am at will of cloud provider here And will says NO. As it's not economically feaseble to restore file or two.

I have refused restoring those files myself. Just for record, I worked for cloud provider myself. For two of them actually. I was sacked from last one. Though it's entirely different story.

And remember, policy of any company is not trueth, but profit. Especially when any kind of outsourcing is involved. I know that, as I worked for a few.

To add to minuses of cloud. They will hapilly assist you to migrate to them, but not from them. And it may be hughe pain in the butt later.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
11/24/2014 | 8:17:28 PM
Re: Is the cloud really less secure?
I see your point. We may be better of being on Microsoft Azure platform than Target's POS system. Clots solution tend to have standard level of security otherwise they could not sell the service to the public.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
11/24/2014 | 8:15:10 PM
Re: Is the cloud really less secure?
I mainly agree. All the security concerns will go away if we just encrypt data at rest.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
11/24/2014 | 8:05:01 PM
Cloud is more secure
I think I am in one of these slides, I tend to think cloud is more secure when I start thinking security measures, or lack of it, that lots of SME are using. Cloud provides a certain level of security by default.
ODA155
50%
50%
ODA155,
User Rank: Ninja
11/24/2014 | 11:00:26 AM
Re: Is the cloud really less secure?
@Marilyn Cohodas, "But the issues of  security of the data remains the same regardless of who owns the servers and where they are located.". That is absolutley correct, but from every security professional that I know, when this topic comes up for discussion, inside thier companies, it's never about security, it's about providing some type of functionality or solution that does not already exist internally or treating that "cloud" as an appendage to their own networks because it's faster and cheaper than building, managing and maintaining your own.

My company for example, would rather put a service in the cloud\outsource (that's what it really is, rebranded outsourcing) rather than hire a professional inhouse to do exactly what we need, you settle for what the provider can\will offer.  If we don't already have someone who has the skills the rule is send it to the cloud, and that is about $$$, not security, I wish it were. And what happens when you have people so overloaded with responsibilities that they really shouldn't mix with outher responsibilities... If a company were as willing to invest in securing their internal network as they are in trying to get everything into a cloud, then you wouldn't see so many of these data breaches, I know this is a streach, but I would be surprised if some companies haven't used Target, Home Depot and others as reasoning to move to a cloud for what ever it is the need.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
11/24/2014 | 10:22:32 AM
Re: Is the cloud really less secure?
@ODA155, you make an interesting point about "the cloud" being "just another infrastructure that holds data." The metaphor gives the public the sense that "cloud" is somehow vastly different than  a bricks and mortar DC. And perhaps it is, for  most companies outside of Netflix, Google, Apple, and FB etc, in terms of scale. But the issues of  security of the data remains the same regardless of who owns the servers and where they are located.  
ODA155
50%
50%
ODA155,
User Rank: Ninja
11/23/2014 | 11:41:48 PM
Re: Is the cloud really less secure?
Does it really matter... "the cloud" is just another infrastructure that holds data for other people that you HOPE has been designed properly w\security in mind. And just because you think you've transfered the risk on to the cloud provider, guess what, it's still your data or your customers data and you're still responsible for it. Cloud services need services provided the same as Target and Home Depot, maybe not the same services, but services none the less. Lastley, you can call it what you want or you can do as Apple did and blame the customer, but Apples cloud was breached and it will happen again.
Charlie Babcock
50%
50%
Charlie Babcock,
User Rank: Ninja
11/21/2014 | 8:12:05 PM
Is the cloud really less secure?
I'm looking for the 51% majority that believes sending data to the cloud increases the risk of a breach to flip the other way. Soon a narrow majority will say the cloud is safer than their own premises. The Target breach and other recent breaches have been enterprise system intrusions, not cloud breaches. And a large successful cloud operation like Microsoft, SoftLayer or Amazon can devote more resources to security than most enterprises can. They also manage more uniform environments, leaving them with less detail to track.
Overcoming the Challenge of Shorter Certificate Lifespans
Mike Cooper, Founder & CEO of Revocent,  10/15/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27621
PUBLISHED: 2020-10-22
The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user's IP address. Instead, for various actions, it would report the IP address of an internal Wikimedia Foundation server by omitting X-Forwarded-For data. This resulted in an inab...
CVE-2020-27620
PUBLISHED: 2020-10-22
The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS because MediaWiki messages were not being properly escaped. This is related to wfMessage and Html::rawElement, as demonstrated by CosmosSocialProfile::getUserGroups.
CVE-2020-27619
PUBLISHED: 2020-10-22
In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.
CVE-2020-17454
PUBLISHED: 2020-10-21
WSO2 API Manager 3.1.0 and earlier has reflected XSS on the "publisher" component's admin interface. More precisely, it is possible to inject an XSS payload into the owner POST parameter, which does not filter user inputs. By putting an XSS payload in place of a valid Owner Name, a modal b...
CVE-2020-24421
PUBLISHED: 2020-10-21
Adobe InDesign version 15.1.2 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .indd file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.