Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

11/21/2014
02:05 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Cloud Security By The Numbers

Quantifying the perceptions around cloud security practices.
Previous
1 of 10
Next

As IT executives and business leaders finally get their arms around analyses of the business opportunities versus the security risks of cloud adoption, the industry is increasingly quantifying the friction between the two. We've put together some numbers to show perception over some of the hot-button issues, as well as current progress toward smoothing the way for secure cloud transformations.

 

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Previous
1 of 10
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
DmitriS346
50%
50%
DmitriS346,
User Rank: Apprentice
11/27/2014 | 12:52:41 AM
Re: Is the cloud really less secure?
There are different clouds out there. Not sure which cloud is discussed here.

"They also manage more uniform environments, leaving them with less detail to track."

and that means a few things:

1) Uniform means attack on one part of infrastructure that is successfull, is sucessfull attack on all part of it, since it can be reused.

2) Less options for security. That's right. If I am full scale paranoid, I can't use all means available for me to protect my users, including from themselves.



3) Restoration of data.

Oh yeah, this is a sweet one. If only one customer, specifically me has been badly affected, due to non cloud issues, there is not much I can do to restore data. I am at will of cloud provider here And will says NO. As it's not economically feaseble to restore file or two.

I have refused restoring those files myself. Just for record, I worked for cloud provider myself. For two of them actually. I was sacked from last one. Though it's entirely different story.

And remember, policy of any company is not trueth, but profit. Especially when any kind of outsourcing is involved. I know that, as I worked for a few.

To add to minuses of cloud. They will hapilly assist you to migrate to them, but not from them. And it may be hughe pain in the butt later.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
11/24/2014 | 8:17:28 PM
Re: Is the cloud really less secure?
I see your point. We may be better of being on Microsoft Azure platform than Target's POS system. Clots solution tend to have standard level of security otherwise they could not sell the service to the public.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
11/24/2014 | 8:15:10 PM
Re: Is the cloud really less secure?
I mainly agree. All the security concerns will go away if we just encrypt data at rest.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
11/24/2014 | 8:05:01 PM
Cloud is more secure
I think I am in one of these slides, I tend to think cloud is more secure when I start thinking security measures, or lack of it, that lots of SME are using. Cloud provides a certain level of security by default.
ODA155
50%
50%
ODA155,
User Rank: Ninja
11/24/2014 | 11:00:26 AM
Re: Is the cloud really less secure?
@Marilyn Cohodas, "But the issues of  security of the data remains the same regardless of who owns the servers and where they are located.". That is absolutley correct, but from every security professional that I know, when this topic comes up for discussion, inside thier companies, it's never about security, it's about providing some type of functionality or solution that does not already exist internally or treating that "cloud" as an appendage to their own networks because it's faster and cheaper than building, managing and maintaining your own.

My company for example, would rather put a service in the cloud\outsource (that's what it really is, rebranded outsourcing) rather than hire a professional inhouse to do exactly what we need, you settle for what the provider can\will offer.  If we don't already have someone who has the skills the rule is send it to the cloud, and that is about $$$, not security, I wish it were. And what happens when you have people so overloaded with responsibilities that they really shouldn't mix with outher responsibilities... If a company were as willing to invest in securing their internal network as they are in trying to get everything into a cloud, then you wouldn't see so many of these data breaches, I know this is a streach, but I would be surprised if some companies haven't used Target, Home Depot and others as reasoning to move to a cloud for what ever it is the need.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
11/24/2014 | 10:22:32 AM
Re: Is the cloud really less secure?
@ODA155, you make an interesting point about "the cloud" being "just another infrastructure that holds data." The metaphor gives the public the sense that "cloud" is somehow vastly different than  a bricks and mortar DC. And perhaps it is, for  most companies outside of Netflix, Google, Apple, and FB etc, in terms of scale. But the issues of  security of the data remains the same regardless of who owns the servers and where they are located.  
ODA155
50%
50%
ODA155,
User Rank: Ninja
11/23/2014 | 11:41:48 PM
Re: Is the cloud really less secure?
Does it really matter... "the cloud" is just another infrastructure that holds data for other people that you HOPE has been designed properly w\security in mind. And just because you think you've transfered the risk on to the cloud provider, guess what, it's still your data or your customers data and you're still responsible for it. Cloud services need services provided the same as Target and Home Depot, maybe not the same services, but services none the less. Lastley, you can call it what you want or you can do as Apple did and blame the customer, but Apples cloud was breached and it will happen again.
Charlie Babcock
50%
50%
Charlie Babcock,
User Rank: Ninja
11/21/2014 | 8:12:05 PM
Is the cloud really less secure?
I'm looking for the 51% majority that believes sending data to the cloud increases the risk of a breach to flip the other way. Soon a narrow majority will say the cloud is safer than their own premises. The Target breach and other recent breaches have been enterprise system intrusions, not cloud breaches. And a large successful cloud operation like Microsoft, SoftLayer or Amazon can devote more resources to security than most enterprises can. They also manage more uniform environments, leaving them with less detail to track.
Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31922
PUBLISHED: 2021-05-14
An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager before 21.1 could allow an attacker to smuggle an HTTP request through an HTTP/2 Header. This vulnerability is resolved in 21.1, 20.3R1, 20.2R1, 20.1R2, 19.2R4, and 18.2R3.
CVE-2021-32051
PUBLISHED: 2021-05-14
Hexagon G!nius Auskunftsportal before 5.0.0.0 allows SQL injection via the GiPWorkflow/Service/DownloadPublicFile id parameter.
CVE-2021-32615
PUBLISHED: 2021-05-13
Piwigo 11.4.0 allows admin/user_list_backend.php order[0][dir] SQL Injection.
CVE-2021-33026
PUBLISHED: 2021-05-13
The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage (e.g., filesystem, Memcached, Redis, etc.), they can construct a crafted payload, poison the ca...
CVE-2021-31876
PUBLISHED: 2021-05-13
Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the replacement policy specified in BIP125, which makes it easier for attackers to trigger a loss of funds, or a denial of service attack against downstream projects such as Lightning network nodes. An unconfirmed child transaction with ...