What Cybersecurity Threats Do We Face In The Cloud?
Oct 31,
2018
Last week I wrote that compliance and complacency are major challenges in the cloud. Yes, defensive technology is the same. However, the cloud poses some specific threats. Multitenancy Multitenancy scares people the most. You share cloud infrastructure with other customers. Your cloud services are running on virtual machines. Those VMs run on shared hardware. You […]
cloud governance,
cloud sprawl,
compliance,
FedRAMP,
FISMA,
GDPR,
GLBA,
HIPAA,
hypervisor,
multitenancy,
NIST,
PCI,
PCI DSS,
shadow IT,
SOX,
speculative execution,
virtualization
Why Won’t Cloud Providers Give Us Something For Nothing?
May 19,
2014
That’s a silly question, isn’t it? Cloud providers are businesses, so they will only give away a limited amount of goods or services in the hope that it will entice us to purchase more. We don’t expect physical-world businesses to provide endless free stuff forever. But many people conclude that The Cloud is completely different […]
Who Will Maintain Your “Shadow IT”?
Feb 24,
2014
Last week and the week before I told about how a vulnerable cloud server was deployed and exploited, only noticed when the cloud provider’s IDS spotted the problem. In Learning Tree’s Cloud Security Essentials course we discuss the prevalence of “Shadow IT”, or the unauthorized and unrecorded purchase of cloud services. Now a recent survey […]
What Happens When “Shadow IT” Goes Missing?
Feb 17,
2014
Last week I told about how a vulnerable cloud server was deployed, ignored, and then owned by an attacker, with Amazon catching this and the entire cycle complete in just over two weeks. It had an obvious cause: skipping part of the process in which unneeded cloud resources are shut down. But I said that […]
Don’t Overlook the Legal Concerns of the Cloud
Apr 29,
2013
The cloud has some unique legal considerations and even risks that are important and often overlooked. It’s a mysterious business for non-lawyers with its own terminology. We talk some about legal issues in Learning Tree’s Cloud Security Essentials course. Let’s start with representations and warranties. A representation is a statement of fact about the past […]