Articles

With cloud’s security benefits comes systemic risks, report finds

lead centered=”no”
A new report from the Carnegie Endowment for International Peace seeks to give law and policy makers a better understanding of cloud security risks.
/lead

Although nearly 30 years old, cloud computing is still a “new” technology for most organizations. The cloud promises to reduce costs and increase efficiencies through storage and management of large repositories of data and systems that are theoretically cheaper to maintain and easier to protect.

Given the growing rush by organizations to move to the cloud, it’s no surprise that some policymakers in Washington are calling for regulation of this disruptive technology. Last year, Representative Katie Porter (D-CA) and Nydia Velázquez (D-NY), urged the Financial Stability Oversight Council (FSOC) to consider cloud services as essential elements of the modern banking system and subject them to an enforced regulatory regime. Their calls for this kind of oversight came in the wake of a major data breach of Capital One in which an employee of the financial institution was able to steal more than 100 million customer credit applications by exploiting a misconfigured firewall in operations hosted on Amazon Web Services (AWS).

A study released today by the Carnegie Endowment for International Peace aims to give lawmakers and regulators a basic understanding of what’s happening in the cloud arena, with a particular focus on the security of these vast reservoirs of information. “Cloud Security: A Primer for Policymakers,” written by Tim Maurer, co-director of the Carnegie Endowment’s Cyber Policy Initiative and Garrett Hinck, a doctoral student at Columbia University and a former Carnegie Endowment research assistant, argues that the “debate about cloud security remains vague and the public policy implications are poorly understood.”

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by İsmail Enes Ayhan on Unsplash

Articles

Hybrid cloud complexity, rush to adopt pose security risks,…

lead centered=”no”
Organizations rushing to adopt hosted cloud infrastructure alongside on-premises systems might not fully understand or address potential security threats.
/lead

As enterprises race to adopt cloud technology, they also encounter a combination of new possible threats from the rapid and frequently unorganized deployment of different cloud-based technologies. Particular concerns surround the adoption of so-called hybrid cloud technologies, Sean Metcalf, founder of cloud security advisory company Trimarc told the attendees of DEF CON Safe Mode last week.

The hybrid cloud is a blend of on-premises infrastructure combined with cloud-hosted infrastructure (infrastructure-as-a-service, or IaaS) and services (software-as-a-service, or SaaS). The IaaS providers are usually giants such as Amazon’s AWS, Microsoft’s Azure or Google’s Cloud Platform. Extending on-premises data centers into the cloud basically means the cloud is effectively operating as a virtualization host like VMware or Microsoft Hyper V, Metcalf said.

Because of this effective virtualization, any attacks that are associated with those cloud data center elements are similar to how you would attack VMware and Hyper V “but with the additional overhead of ‘well, it’s hosted by Microsoft or it’s hosted by Amazon, or it’s hosted Google,’” Metcalf tells CSO.

This article appeared in CSO Online. To read the rest of the article please visit here.