CLOUD COMPUTING

Cloud Security: Shared Responsibility Between Provider And User

Who is responsible for IT security in cloud computing? Many companies still do not seem to be sufficiently aware.

One of the two areas that need to be protected is the cloud itself, and the provider is responsible for protecting it. On the other hand, it is the stored data and the applications that have been set up in a company for which cloud security is relevant. Their protection – and this is where the misunderstanding often lies – is the company’s responsibility, not the provider. Shared responsibility often describes the relationship between the two parties involved, but many cloud projects still fail because of this idea.

Cloud Infrastructure: Concept Of Shared Responsibility

Every company that seriously wants to go along with the digital change and introduces a cloud environment has to be aware of shared responsibility. If this does not happen, or if it does not happen enough, it can have enormously damaging effects on the company and its customers: The IT incident at the US financial services provider Capital One made headlines around the world at the end of July. News magazines and specialist portals reported the successful attack by a hacker who stole sensitive data from 100 million customers in the USA and six million customers in Canada and disclosed it on the Internet.

Capital One stored the data sets in the Amazon Web Services Cloud. They were stolen from there, and the perpetrator used to work for the cloud provider. So it’s easy to connect and pinpoint a culprit, but the facts prove otherwise: The AWS Cloud’s protections were completely intact. Instead, the hacker took advantage of a misconfiguration of the firewall that Capital One operated to protect the data in the cloud.

Cloud Security: Data Offered In The Dark Web

A similar case is now shaking the industry in Asia: The airline Malindo Air reported on September 19 that it was investigating an incident that affected its passengers and those of the Thai Lion Air airline. According to the South China Morning Post, the phone numbers, addresses, and sensitive ID card details of 30 million passengers were stolen and posted on an online forum. For this purpose, the data records were loaded into a freely accessible AWS bucket, and some were even offered on the dark web. The latter is particularly treacherous because the data had previously been stolen from the Malindo Air servers operated via AWS. The attack took place via an unnamed third-party provider, not via the AWS Cloud itself.

These incidents call for caution when dealing with cloud environments. They are the future of the digital market, but the data and applications parked there must be protected by cloud security. Data in cloud services are only as secure as the configuration of the security measures surrounding them. Organizations can easily activate hundreds, thousands, or even millions of AWS S3 buckets – or similar cloud data stores from competing platforms. However, because of the resulting complexity, it is essential for companies to constantly check and correct incorrect configurations of their IT infrastructure – especially since cloud services occasionally change their settings and make adjustments necessary. This is done by hand but is a very time-consuming process. Automated cyber security solutions are the better choice here, especially since they help avoid the usual human carelessness errors when configuring the security mechanisms.

Tech Cults

Tech Cults is a global technology news platform that provides the trending updates related to the upcoming technology trends, latest business strategies, trending gadgets in the market, latest marketing strategies, telecom sectors, and many other categories.

Recent Posts

Rise of Online Ludo Games in the World of GenZ

The digital era has replaced the long-lasting gaming culture in recent years, especially for GenZ.… Read More

3 weeks ago

The Benefits Of Live Chat That You Don’t Know About

Live visit programming might be great if you believe that a magnificent way should be… Read More

4 weeks ago

How to Use Bitcoin for Donations and Supporting Charitable and Humanitarian Efforts

Imagine a world where your donations can traverse the globe in seconds, bypassing traditional banking… Read More

3 months ago

Resource Management: 7 Best Practices For Your Project

Resource management is strategic not only for the success of projects but also for the… Read More

3 months ago

The Benefits of Keeping Your Old Phone

When your two year mobile phone contract comes to an end, you might find yourself… Read More

4 months ago

Cultivating Leadership Excellence in the Corporate World

In an era where business dynamics shift with dizzying speed, the difference between success and… Read More

5 months ago