Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Cloud Security By The Numbers
Newest First  |  Oldest First  |  Threaded View
DmitriS346
50%
50%
DmitriS346,
User Rank: Apprentice
11/27/2014 | 12:52:41 AM
Re: Is the cloud really less secure?
There are different clouds out there. Not sure which cloud is discussed here.

"They also manage more uniform environments, leaving them with less detail to track."

and that means a few things:

1) Uniform means attack on one part of infrastructure that is successfull, is sucessfull attack on all part of it, since it can be reused.

2) Less options for security. That's right. If I am full scale paranoid, I can't use all means available for me to protect my users, including from themselves.



3) Restoration of data.

Oh yeah, this is a sweet one. If only one customer, specifically me has been badly affected, due to non cloud issues, there is not much I can do to restore data. I am at will of cloud provider here And will says NO. As it's not economically feaseble to restore file or two.

I have refused restoring those files myself. Just for record, I worked for cloud provider myself. For two of them actually. I was sacked from last one. Though it's entirely different story.

And remember, policy of any company is not trueth, but profit. Especially when any kind of outsourcing is involved. I know that, as I worked for a few.

To add to minuses of cloud. They will hapilly assist you to migrate to them, but not from them. And it may be hughe pain in the butt later.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
11/24/2014 | 8:17:28 PM
Re: Is the cloud really less secure?
I see your point. We may be better of being on Microsoft Azure platform than Target's POS system. Clots solution tend to have standard level of security otherwise they could not sell the service to the public.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
11/24/2014 | 8:15:10 PM
Re: Is the cloud really less secure?
I mainly agree. All the security concerns will go away if we just encrypt data at rest.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
11/24/2014 | 8:05:01 PM
Cloud is more secure
I think I am in one of these slides, I tend to think cloud is more secure when I start thinking security measures, or lack of it, that lots of SME are using. Cloud provides a certain level of security by default.
ODA155
50%
50%
ODA155,
User Rank: Ninja
11/24/2014 | 11:00:26 AM
Re: Is the cloud really less secure?
@Marilyn Cohodas, "But the issues of  security of the data remains the same regardless of who owns the servers and where they are located.". That is absolutley correct, but from every security professional that I know, when this topic comes up for discussion, inside thier companies, it's never about security, it's about providing some type of functionality or solution that does not already exist internally or treating that "cloud" as an appendage to their own networks because it's faster and cheaper than building, managing and maintaining your own.

My company for example, would rather put a service in the cloud\outsource (that's what it really is, rebranded outsourcing) rather than hire a professional inhouse to do exactly what we need, you settle for what the provider can\will offer.  If we don't already have someone who has the skills the rule is send it to the cloud, and that is about $$$, not security, I wish it were. And what happens when you have people so overloaded with responsibilities that they really shouldn't mix with outher responsibilities... If a company were as willing to invest in securing their internal network as they are in trying to get everything into a cloud, then you wouldn't see so many of these data breaches, I know this is a streach, but I would be surprised if some companies haven't used Target, Home Depot and others as reasoning to move to a cloud for what ever it is the need.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
11/24/2014 | 10:22:32 AM
Re: Is the cloud really less secure?
@ODA155, you make an interesting point about "the cloud" being "just another infrastructure that holds data." The metaphor gives the public the sense that "cloud" is somehow vastly different than  a bricks and mortar DC. And perhaps it is, for  most companies outside of Netflix, Google, Apple, and FB etc, in terms of scale. But the issues of  security of the data remains the same regardless of who owns the servers and where they are located.  
ODA155
50%
50%
ODA155,
User Rank: Ninja
11/23/2014 | 11:41:48 PM
Re: Is the cloud really less secure?
Does it really matter... "the cloud" is just another infrastructure that holds data for other people that you HOPE has been designed properly w\security in mind. And just because you think you've transfered the risk on to the cloud provider, guess what, it's still your data or your customers data and you're still responsible for it. Cloud services need services provided the same as Target and Home Depot, maybe not the same services, but services none the less. Lastley, you can call it what you want or you can do as Apple did and blame the customer, but Apples cloud was breached and it will happen again.
Charlie Babcock
50%
50%
Charlie Babcock,
User Rank: Ninja
11/21/2014 | 8:12:05 PM
Is the cloud really less secure?
I'm looking for the 51% majority that believes sending data to the cloud increases the risk of a breach to flip the other way. Soon a narrow majority will say the cloud is safer than their own premises. The Target breach and other recent breaches have been enterprise system intrusions, not cloud breaches. And a large successful cloud operation like Microsoft, SoftLayer or Amazon can devote more resources to security than most enterprises can. They also manage more uniform environments, leaving them with less detail to track.


Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Take me to your BISO 
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-32053
PUBLISHED: 2021-05-10
JPA Server in HAPI FHIR before 5.4.0 allows a user to deny service (e.g., disable access to the database after the attack stops) via history requests. This occurs because of a SELECT COUNT statement that requires a full index scan, with an accompanying large amount of server resources if there are m...
CVE-2020-18102
PUBLISHED: 2021-05-10
Cross Site Scripting (XSS) in Hotels_Server v1.0 allows remote attackers to execute arbitrary code by injecting crafted commands the data fields in the component "/controller/publishHotel.php".
CVE-2020-27232
PUBLISHED: 2021-05-10
An exploitable SQL injection vulnerability exists in ‘manageServiceStocks.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2020-28600
PUBLISHED: 2021-05-10
An out-of-bounds write vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2021-21430
PUBLISHED: 2021-05-10
OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Using `File.createTempFile` in JDK will result in creating and using insecure temporary files that can leave application and system data vu...