Cloud Security Concerns - Post Thumbnail

Want to talk about a survey that was conducted by checkpoint two over almost 700 industry professionals to compile their 2020 cloud security report. And I like looking at these types of reports that are built on, um, surveys or polling industry professionals that are on the ground in the trenches, and actually working with the, working with the technologies day in, day out in the challenges that they’re having, rather than listening to experts, uh, uh, pontificate or, or theorize on what the challenges are going to be in the future, because those on the ground are actually, uh, experiencing things. And I find them to be a little bit more reliable than, uh, some of the concerns that say, well, you know, up and coming, this is going to be the biggest threat. Well, in reality, that’s generally they’re not lined up to what the real world is.

So I like these, these server reports. So checkpoint released this report 2020 cloud security report and 700 industry professionals. And it was focused on cloud security and three quarters, 75% claim to be very or extremely concerned about cloud security with almost half or a little bit over half believing that the risks are higher in the public cloud than on premises. And I could argue one way or the other in some cases that might be accurate in other cases, um, the cloud services, at least that I work with and I work with cloud services every day, uh, Amazon and Azure specifically, or primarily that there are a lot of things that, um, is far superior than what you can do on premise, especially when it comes to budget manpower. If you’ve got an army and an unlimited budget, then you can do things above and beyond, or at least match the cloud premises or the cloud versus on-prem.

But for the most companies, the on-prem versus the cloud argument, the cloud will prevail in many, many areas, uh, above and beyond, especially for the ease of deployment. So, but I’m not going to get into that, but that’s, that’s, that’s why it’s 50% somewhere on one side, some rather than the other, the survey said that the top four threats, um, the top four threats from the survey were cited as number one was misconfigurations. The second was unauthorized cloud access. Third were insecure interfaces and fourth was account hijacking. So we have misconfiguration as number one, unauthorized cloud access and account hijacking. And as those three of the four, and I could take those are all within the control of the, of the owners and operators of a cloud service insecure interfaces that could go one way or the other technical failure or, or bugs or software failures, et cetera, et cetera.

But misconfigurations on authorized cloud access for identity and access management and account hijacking, which could be, you know, social engineering, things like that are all within the realms of the people and those types of things. Uh, those types of threats are also just as strong as on-premise. Um, whether you are relying on your perimeter security or the cloud security, those particular concerns should be all the way down, but misconfigurations original. Do an episode on this one is because it is a significant deal within cloud services and the most difficult challenges that I, that I see when people are moving, especially, um, uh, you know, the rookies or the newbs moving purely, um, for the first time into a cloud service, whether it’s a simple application or moving a large chunk of a data center or hybrid motor, or what have you, it’s the mentality of applying on-premise, you know, in some cases, decades of on-premise mentality of building infrastructure, securing it, operating it and shifting gears into the cloud mentality.

And it is a different mindset. It’s a different methodology. Um, it’s your, you know, serving applications in different ways. You now introduce, uh, yes, you can still have VMs, but you don’t necessarily have physical servers. You’re not rack stack power and cabling, anything anymore. It’s, it’s, you’re relying on these types of virtual infrastructure to spin up. Then you talk about infrastructure as a service, you’re talking platform as a service, you’re talking single-page applications, you’re talking about things that spin up and live in containers that exist only for their use, and then they disappear. So it’s intangible types of things. So some of the, the legacy on-prem type of agent-based technologies that you might rely on can’t function in that, in that scenario necessarily. But that means that the cloud config, that the cloud is reliant heavily on configurations, and I’ve gone through, uh, certifications on both sides, Azure and AWS, and it is significantly focused on configurations.

How do you configure these types of services to work with your applications, work with other services, work across accounts, across regions, and you have all these different mentalities that you’re not necessarily talking about data centers, you’re talking about regions, et cetera, et cetera. And these surveys comes out and said, yes. Now I can see misconfigurations as being the top concern because the training, the awareness, the education, and just getting in there, using it every single day, that is going to be the key to having a secure and operational cloud service is how it’s configured. And the, and the difficulty is, is not only how a service is configured, but how it is configured across the whole paradigm of your cloud service subscription. And when you introduce something else, introducing that, and then building all of those types of things. So instead of necessarily following the bits and the bites at the level that you wouldn’t, on-premise, you’re following the configurations and relying more heavily on the, the cloud service provider to do those bits and bytes worrying.

And you’re just going to be configuring it and flipping the switches and doing the flow is because they are still responsible for the perimeter security. And what I call the Hollywood hackers busting through the firewall, breaking into your environment is highly improbable. That’s going to happen. Amazon and Microsoft have security controls above and beyond that. We can even imagine and understand protecting their services for the contracts that they have for the, you know, just the government agencies around the world that they have just, you know, these types of things, it’s, it’s there, but you still have a responsibility to configure and maintain your environment. And we see it all the time. I left my S3 bucket wide open. I put this out here and it was on the public. It should be on the private. And what does that come down to configuration? So the surveys is very good, um, adoption into that is that one of the constraints of moving into cloud because of this is lack of training, lack of awareness and lack of budget to support these types of things.

Yet the business initiatives are saying that we need to move into the cloud and that’s, that’s, you know, things that I work with everyday, and I can reflect upon this, the survey. So, um, I wrote running a little long on the episode today, but I’ll put a link in the show notes to check point’s 20, 20 cloud security report. And it’s a very good read. It gives a reflection of, of those that are down in the trenches. I’ve actually gone through this, done. The migrations, worked with it every single day, and their concerns will eventually become your concerns if you’re moving into the cloud. But the trick is, is to look what those concerns are for those that are doing it now reflect on it and plan for it before you go into it and just repeat the same mistakes and the same concerns that they’re dealing with.

It removes a lot of worries, but it introduces new things that you have to focus on. And it doesn’t absolve you from anything security wise. It just changes the way you think about security, because at the end of the day, your application services still need to be secure in the cloud. It’s just done a little bit differently and your responsibilities shift, but at the end of the day, and to end cloud versus, you know, compared to you, you still need to deliver a secure application and that can be done in the cloud. There’s nothing that you’re not going to be secure in the cloud, but you just need to plan for it and be aware of it, lay it out and go forward. Like anything else, security and five, be aware,


Leave a reply

Your email address will not be published. Required fields are marked *



We're not around right now. But you can send us an email and we'll get back to you, asap.


© Coptyright All rights reserved 

Log in with your credentials

Forgot your details?