The cloud’s weakest security links aren’t where you’re looking

Posted on 05-02-2019 , by: admin , in , 0 Comments

You pride yourself on your cloud computing security strategy and tool stack. Indeed, your system made up of many security solutions is both proactive, and self-updating. So, you’ll never have to worry about new security attacks that you’re not prepped to defend—well, almost.

Most IT shops do a good job looking for the latest DNS and ransomware attacks, but they’re not paying as much attention to the cloud security fundamentals such as physical security, federated data access governance, and network visibility.

I once had a friend who was the best security guy in the business. He built a software-based security solution for his company’s on-premises data center that was both well done and state-of-the-art. However, over the weekend a security guard failed to lock a loading dock door and those very secure servers left in the bed of an F-150.

The moral of this story for the cloud is that while we seem to be clever in pulling together the best cloud security solutions, in many instances we’re missing the more primitive aspects of security. While I don’t believe that your cloud server will go rolling down the street in the back of a truck any time soon, there are very similar things to look out for. Here are three:

Application-level security. For the most part, cloud security people don’t look at application-level security, cloud or not. This is due more around control and politics more so than desire. However, if an application has access to data, and that application is vulnerable, then so is the data.

The answer is that security needs to be designed in the application and should be systemic to all applications and databases. Yet that’s almost never the case.