Tag: shadow IT

Last week I wrote that compliance and complacency are major challenges in the cloud. Yes, defensive technology is the same. However, the cloud poses some specific threats. Multitenancy Multitenancy scares people the most. You share cloud infrastructure with other customers. Your cloud services are running on virtual machines. Those VMs run on shared hardware. You […]

That’s a silly question, isn’t it? Cloud providers are businesses, so they will only give away a limited amount of goods or services in the hope that it will entice us to purchase more. We don’t expect physical-world businesses to provide endless free stuff forever. But many people conclude that The Cloud is completely different […]

Last week and the week before I told about how a vulnerable cloud server was deployed and exploited, only noticed when the cloud provider’s IDS spotted the problem. In Learning Tree’s Cloud Security Essentials course we discuss the prevalence of “Shadow IT”, or the unauthorized and unrecorded purchase of cloud services. Now a recent survey […]

Last week I told about how a vulnerable cloud server was deployed, ignored, and then owned by an attacker, with Amazon catching this and the entire cycle complete in just over two weeks. It had an obvious cause: skipping part of the process in which unneeded cloud resources are shut down. But I said that […]

The cloud has some unique legal considerations and even risks that are important and often overlooked. It’s a mysterious business for non-lawyers with its own terminology. We talk some about legal issues in Learning Tree’s Cloud Security Essentials course. Let’s start with representations and warranties. A representation is a statement of fact about the past […]