AppDefects
Community Champion

Public Cloud's Single Biggest Failure

IMHO Cloud Service Providers (CSPs) keep their public platforms reasonably secure. That much I'm sure we can all agree on, otherwise we would not be doing business with them. What continues to cause concern, though, is that organizations still suffer from Cloud data breaches that could easily be prevented by CSPs if they had implemented a continuous monitoring program for a customer.

 

Sure, there is that subterranean partner network where you can add on a la carte security services, but over the last 10 years there has been a systemic erosion of CSP responsibility. With the rise and bland acceptance of CSP Shared Responsibility Models we have all learned that our assets in the Cloud are always at risk.

 

CSPs are very clear - it is a customer problem - hire cloud security professionals to fix your problems. They are not our problems. Have fun because if you get breached you can't sue us (Na Na Na Na Boo Boo). We have been drinking the Kool-Aid long enough, maybe too long to turn back. In 2021, when you are negotiating your services contract with your favorite CSP, call their bluff on security claims. Do not accept the Shared Responsibility Model; go to another CSP that will secure your data, audit your infrastructure, and build in continuous monitoring.

5 Replies
Beads
Advocate I

Re: Public Cloud's Single Biggest Failure

This has been my primary complaint since AWS launched way back when. Back then I would simply ask the salesperson trying to convince me to move my systems to the cloud: 'Who stands up in court with me when, not if, you fail?' Crickets.

 

'Nough said.

 

- b/eads

JKWiniger
Community Champion

Re: Public Cloud's Single Biggest Failure

I mean, unless you are a major client that would bring in significant money to AWS, Azure or whoever, how likely are they to budge on anything? I, like others, can and have seen the problems but do not know an answer.

 

John-

Caute_cautim
Community Champion

Re: Public Cloud's Single Biggest Failure

@AppDefects, @Beads How many people would actually understand their Shared Responsibilities, or even read them and just simply accept them as is?

 

Anyone have a comprehensive list of threats and risks within AWS environments?

 

Some of them include: If the VPC is compromised, it is then possible for someone to point the VPC at someone else's S3 bucket, etc.

 

Regards

 

Caute_Cautim

Beads
Advocate I

Re: Public Cloud's Single Biggest Failure

Most won't until called into court and wondering why they are there - alone.

 

- b/eads

Caute_cautim
Community Champion

Re: Public Cloud's Single Biggest Failure

@Beads I agree, let's hope we can convince a few more people to be sensible in 2021. AWS for instance do have a Shared Responsibility Model, perhaps people will read it and understand it and realise the implications.

 

We wish.....

 

 

Regards

 

Caute_cautim