IMHO Cloud Service Providers (CSPs) keep their public platforms reasonably secure. That much I'm sure we can all agree on, otherwise we would not be doing business with them. What continues to cause concern though is that organizations still suffer from Cloud data breaches that could easily be prevented by CSPs if they had implemented a continuous monitoring program for a customer.
Sure, there is that subterranean partner network where you can add on a la carte security services, but over the last 10 years there has been a systemic erosion of CSP responsibility. With the rise and bland acceptance of CSP Shared Responsibility Models we have all learned that our assets in the Cloud are always at risk.
CSPs are very clear - it is a customer problem - hire cloud security professionals to fix your problems. They are not our problems. Have fun, because if you get breached you can't sue us (Na Na Na Na Boo Boo). We have been drinking the Kool-Aid long enough, maybe too long to turn back. In 2021, when you are negotiating your services contract with your favorite CSP, call their bluff on security claims. Do not accept the Shared Responsibility Model; go to another CSP that will secure your data, audit your infrastructure, and build in continuous monitoring.
This has been my primary complaint since AWS launched way back when. Back then I would simply ask the salesperson trying to convince me to move my systems to the cloud: 'Who stands up in court with me when, not if, you fail?' Crickets.
I mean, unless you are a major client that would bring in significant money to AWS, Azure or whoever, how likely are they to budge on anything? I, like others, can and have seen the problems but do not know an answer.
Anyone have a comprehensive list of threats and risks within AWS environments?
Some of them include: if the VPC is compromised, it is then possible for someone to point the VPC at someone else's S3 bucket, etc.
@Beads I agree, let's hope we can convince a few more people to be sensible in 2021. AWS, for instance, do have a Shared Responsibility Model; perhaps people will read it and understand it and realise the implications.