As published in the May/June 2020 edition of InfoSecurity Professional Magazine.
By Anne Saita
In 2012, a Fortune 500 oil and gas company joined the early adopters migrating assets and business processes to “the cloud.” Corporate executives’ biggest security concern then was the potential for a rogue administrator from a chosen cloud service provider to pilfer all of its data. “That was the big fear at the time,” explained Jon-Michael C. Brook, CISSP, CCSK, a principal at Guide Holdings who consulted with the company during its initial cloud migration. “They weren’t as worried about errors that they might make; they were more worried about the trusted insider within the cloud service provider.” Those concerns haven’t gone away, but eight years later a different insider threat is forcing companies to step up their cloud security posture. Today, a cloud-based breach is much more likely to come from an honest mistake rather than malicious attack.
This commonplace lapse in configurations, combined with a growing global reliance on cloud services and increasing complexity of cloud infrastructures, is expanding risks and challenging vendor relationships. It’s also requiring cloud consumers to “own” their security, rather than rely on providers to carry a greater load.
Cloud-Based Apps and Data
Commercial cloud usage in recent years has moved up the technology stack, from an early reliance on renting virtual machines and storage space with infrastructure as a service (IaaS) and platform as a service (PaaS), to widespread use o ..
Support the originator by clicking the read the rest link below.
