Home CLOUD COMPUTING Cloud Security: Shared Responsibility Between Provider And User

Cloud Security: Shared Responsibility Between Provider And User

Who is responsible for IT security in cloud computing? Many companies still do not seem to be sufficiently aware.

One of the two areas that need to be protected is the cloud itself, and the provider is responsible for protecting it. On the other hand, it is the stored data and the applications that have been set up in a company for which cloud security is relevant. Their protection – and this is where the misunderstanding often lies – is the company’s responsibility, not the provider. Shared responsibility often describes the relationship between the two parties involved, but many cloud projects still fail because of this idea.

Cloud Infrastructure: Concept Of Shared Responsibility

Every company that seriously wants to go along with the digital change and introduces a cloud environment has to be aware of shared responsibility. If this does not happen, or if it does not happen enough, it can have enormously damaging effects on the company and its customers: The IT incident at the US financial services provider Capital One made headlines around the world at the end of July. News magazines and specialist portals reported the successful attack by a hacker who stole sensitive data from 100 million customers in the USA and six million customers in Canada and disclosed it on the Internet.

Capital One stored the data sets in the Amazon Web Services Cloud. They were stolen from there, and the perpetrator used to work for the cloud provider. So it’s easy to connect and pinpoint a culprit, but the facts prove otherwise: The AWS Cloud’s protections were completely intact. Instead, the hacker took advantage of a misconfiguration of the firewall that Capital One operated to protect the data in the cloud.

Cloud Security: Data Offered In The Dark Web

A similar case is now shaking the industry in Asia: The airline Malindo Air reported on September 19 that it was investigating an incident that affected its passengers and those of the Thai Lion Air airline. According to the South China Morning Post, the phone numbers, addresses, and sensitive ID card details of 30 million passengers were stolen and posted on an online forum. For this purpose, the data records were loaded into a freely accessible AWS bucket, and some were even offered on the dark web. The latter is particularly treacherous because the data had previously been stolen from the Malindo Air servers operated via AWS. The attack took place via an unnamed third-party provider, not via the AWS Cloud itself.

These incidents call for caution when dealing with cloud environments. They are the future of the digital market, but the data and applications parked there must be protected by cloud security. Data in cloud services are only as secure as the configuration of the security measures surrounding them. Organizations can easily activate hundreds, thousands, or even millions of AWS S3 buckets – or similar cloud data stores from competing platforms. However, because of the resulting complexity, it is essential for companies to constantly check and correct incorrect configurations of their IT infrastructure – especially since cloud services occasionally change their settings and make adjustments necessary. This is done by hand but is a very time-consuming process. Automated cyber security solutions are the better choice here, especially since they help avoid the usual human carelessness errors when configuring the security mechanisms.

Tech Cults
Tech Cults is a global technology news platform that provides the trending updates related to the upcoming technology trends, latest business strategies, trending gadgets in the market, latest marketing strategies, telecom sectors, and many other categories.

RECENT POSTS

Man And Technology Must Collaborate In The New GDPR Era

In the era of heightened awareness of personal data privacy, following the introduction of the GDPR, companies need to be prepared for the influx...

Team And Technical Agility In SAFe

Scaled Agile Framework (SAFe) gives an exhaustive way to deal with executing light-footed standards and practices at scale. SAFe depends on seven center -...

Top Python Libraries For Web Scraping

Web scraping is an effective method for data retrieval and extraction, allowing users to access and gather information from websites using automation tools and...

Income Tax Filing For Startups And Small Businesses In India

Introduction Startups and small enterprises in India have to file taxes. It assures tax compliance and helps firms keep clear financial records. Startups and small...

Word Comments And Revisions: How To Track Changes On The Document

How tracking changes applied to a Word document works: revisions and comments are just a click away. Although collaborative editors are increasingly "popular," Word...

Holding Company: What Is It For, And What Are The Benefits?

Most entrepreneurs have yet to learn the benefits that the establishment of a holding company can offer, thinking that such instruments are only advantageous...