Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Identifying And Remediating Security Vulnerabilities In The Cloud
Newest First  |  Oldest First  |  Threaded View
Ulf Mattsson
50%
50%
Ulf Mattsson,
User Rank: Moderator
4/7/2013 | 11:28:08 AM
re: Identifying And Remediating Security Vulnerabilities In The Cloud
I agree that "Cloud computing can lead to security risks". There are many reasons behind these data security issues in cloud services.- First and foremost is that the architecture is fundamentally based on sharing resources and moving data around for collaboration and scalability.- This contradicts the basic principles of data security and compliance, which focus on restricting access and controlling data flow.- Once the data is out of organizationsG hands and into the cloud, how can security be assured?
If the platform cannot be protected by the organization, then the data itself must be secured before it reaches the cloud.- The primary means to this is in granular, selective data protection, via tokenization or masking, to allow different classification levels.- Tokenized or masked data holds no value to a potential thief, and allows applications to operate on selective portions of the data that bleed through.
The data will then be secured across the enterprise and into the cloud, and only via policy retained at the organizationGs security center can the sensitive data ever be revealed to authorized parties or applications that require it.- A separation of duties, isolating security administration to security personnel, can ensure protection from internal threats.
Since the data itself is secured, this can reduce the requirements for auditing and monitoring, which are also issues in a cloud environment.
Practicing in this way can allow organizations to rest easy, knowing that their data is safe wherever it goes, and continue to take advantage of the numerous efficiencies in cloud computing.

Ulf Mattsson | CTO | Protegrity (m) 203.570.6919


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-33336
PUBLISHED: 2021-08-04
Cross-site scripting (XSS) vulnerability in the Journal module's add article menu in Liferay Portal 7.3.0 through 7.3.3, and Liferay DXP 7.1 fix pack 18, and 7.2 fix pack 5 through 7, allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_journal_web_portlet_JournalPortl...
CVE-2021-33339
PUBLISHED: 2021-08-04
Cross-site scripting (XSS) vulnerability in the Fragment module in Liferay Portal 7.2.1 through 7.3.4, and Liferay DXP 7.2 before fix pack 9 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_site_admin_web_portlet_SiteAdminPortlet_name parameter.
CVE-2021-3680
PUBLISHED: 2021-08-04
showdoc is vulnerable to Missing Cryptographic Step
CVE-2021-35397
PUBLISHED: 2021-08-04
A path traversal vulnerability in the static router for Drogon from 1.0.0-beta14 to 1.6.0 could allow an unauthenticated, remote attacker to arbitrarily read files. The vulnerability is due to lack of proper input validation for requested path. An attacker could exploit this vulnerability by sending...
CVE-2021-36483
PUBLISHED: 2021-08-04
DevExpress.XtraReports.UI through v21.1 allows attackers to execute arbitrary code via insecure deserialization.