As cloud rises to encompass to more corporate applications, data and processes, there's potential for end-users to outsource their security to providers as well.
The need to take control of security and not turn ultimate responsibility over to cloud providers is taking hold among many enterprises, an industry survey suggests. The Cloud Security Alliance, which released its survey of 241 industry experts, identified an "Egregious 11" cloud security issues.
The survey's authors point out that many of this year's most pressing issues put the onus of security on end user companies, versus relying on service providers. "We noticed a drop in ranking of traditional cloud security issues under the responsibility of cloud service providers. Concerns such as denial of service, shared technology vulnerabilities, and CSP data loss and system vulnerabilities -- which all featured in the previous 'Treacherous 12' -- were now rated so low they have been excluded in this report. These omissions suggest that traditional security issues under the responsibility of the CSP seem to be less of a concern. Instead, we're seeing more of a need to address security issues that are situated higher up the technology stack that are the result of senior management decisions."
This aligns with another recent survey from Forbes Insights and VMware, which finds that proactive companies are resisting the temptation to turn security over to their cloud providers -- only 31% of leaders report turning over many security measures to cloud providers. (I helped design and author the survey report.) Still, 94% are employing cloud services for some aspects of security.
(Score: -1, Spam) by Anonymous Coward on Sunday August 18 2019, @05:38PM (3 children)
Dick Niggers.
We never fuck no old pussy.
We fuck a whole lotta young pussy.
Pussy in the cloud ain't secure from Dick Niggers.
(Score: 0) by Anonymous Coward on Sunday August 18 2019, @07:23PM (1 child)
Oh if it isn't Dick Niggers? Man it's been years now hasn't it? I guess Slashdot's new policy brought home, ha? Their loss I say. Place hasn't been the same without you.
All we need now is rape-story guy and Ethanol and we're all set.
(Score: 1) by Ethanol-fueled on Sunday August 18 2019, @07:28PM
Man, I wish Slashdot's search function was worth a shit, because there are a couple trolls from others there I wish I had saved. The first one was the "Christ, I love Greek!" troll, and there was another hilarious one about stud dogs that might have been a one-off.
The library bathroom and the one about the White guy at the gym were also pretty good, especially after Obama was elected and people posting the troll replaced "Jamal" with "Barack."
Ahh, good times. Good times.
(Score: 0) by Anonymous Coward on Sunday August 18 2019, @11:06PM
white men are incels
black men, superpredators
all hacking the cloud
(Score: 0) by Anonymous Coward on Sunday August 18 2019, @06:01PM
pr for the security-industrial complex
(Score: 1, Troll) by Gaaark on Sunday August 18 2019, @07:16PM (2 children)
Security is too important: that's why we use Windows! WE DA BOMB!
Oh...Hey dere Uncle Dad!
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 3, Insightful) by Gaaark on Monday August 19 2019, @02:11AM (1 child)
Troll? F-off!
You CAN'T talk security if you use Windows.
Seriously.
You use Windows I guess? Don't click on anything, cloud or not.
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 0) by Anonymous Coward on Monday August 19 2019, @11:52AM
I'd venture windows 3.11 with no network drivers on an air-gapped computer inside a Faraday box powered from a battery.
no sound card and display pointing away from the window.
hm. the "away from the window" was unintentional.
(Score: 2, Funny) by Anonymous Coward on Sunday August 18 2019, @07:28PM
Cloud security was never exclusively in the provider's hands to begin with. You had your triple letter agencies there. The occasional competitor bribing an employee for a backdoor. The developers of all the propitiatory crap they're running own backdoor. The neighbor's wiz kid they call in to reboot the box when windows blue screens. Microsoft... Red Hat... Intel...
Don't worry. Everyone is carefully reviewing your security. It's perfectly safe.
(Score: 4, Insightful) by jmichaelhudsondotnet on Sunday August 18 2019, @07:34PM (6 children)
I think cloud is about the worst word you could use to possibly describe computers. \
A cloud would more effectively describe a brain or machine learning cluster.
If cloud means basically 'a whole bunch of computers and extra layers between them owned by complex legal entities in dubai'
Well hmmm that might describe the domain name system which seems to work, but when you want to really lock down your security you don't want 15 people and 400 or so random internationally distributed computers involved in completely opaque algorithms.
At least that's me. It's like having google operate the door lock to your house, then the first time it doesn't work, you're like, where exactly was this decision made, and no one is going to even be able to tell.
You could be in testing like portal. Or the 15th person was a thief and they were just getting out the back when you got home.
Or worse, they're still waiting inside.
(Score: 0) by Anonymous Coward on Monday August 19 2019, @03:23AM (1 child)
Well, it can quickly become a cloudsterfuck. What a better description?
(Score: 2) by DannyB on Monday August 19 2019, @04:10PM
A really large fustercluck should look at software such as kubernetes.
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 5, Informative) by driverless on Monday August 19 2019, @04:16AM (2 children)
That's why I, and many others, refer to it as "someone else's computer". Firstly, because that's exactly what it is, and secondly because it immediately shows what an oxymoron "security of your data on someone else's computer" (a.k.a. "cloud computing security") really is.
(Score: 0) by Anonymous Coward on Monday August 19 2019, @11:19AM (1 child)
+1 agree.
https://static.fsf.org/nosvn/stickers/thereisnocloud.svg [fsf.org]
"There is no cloud...just other people's computers"
(Score: 0) by Anonymous Coward on Monday August 19 2019, @01:31PM
GTA V radio Cloud Computing AD [youtube.com].
(Score: 3, Informative) by jb on Monday August 19 2019, @06:43AM
It's really quite simple. In this context, "cloud computing" simply means "doing your computing on someone else's computer", just like "bureau" used to a few decades ago.
From a security perspective, the only difference between a bureau and a "cloud" is that if you were a big enough customer the bureaux (or at least, the better ones) used to let you audit them. No "cloud provider" will ever let you do that (and even if they did, it would be meaningless anyway, because so much would have changed already just in the time taken to write/read the audit report, "because cloud scale"...).
I'm still amazed that so many otherwise intelligent people have fallen for this particular fad.
(Score: 2) by DannyB on Monday August 19 2019, @04:11PM
Cloud security is so very important that we should put it in the hands of congress.
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.