Putting Data In The Cloud? Retain Control

  /     /     /  
Publicated : 22/11/2024   Category : security


Putting Data In The Cloud? Retain Control


Security researcher warns many companies are trading catastrophic problems for gains in efficiency



At the beginning of Stanley Kubricks epic, 2001: A Space Odyssey, apes benefit from the use of technology, in the form of a club. By the end of the movie, however, humans are threatened by the technology used to help them survive in the stars, the artificial intelligence HAL.
In some ways, this technological arc -- from tool to master -- is an apt allegory for companies entering the cloud, Davi Ottenheimer, president of security consultancy Flying Penguin, plans to argue in his presentation at the B-Sides Security conference in Las Vegas next week. Firms seeking greater efficiency and more features may rely on the technology of a cloud provider, leaving themselves vulnerable to a single security incident.
In his presentation, Ottenheimer plans to draw illustrate the need a more secure approach to clouds using the themes from 2001: A Space Odyssey.
The central question for companies is, Do you have control? Ottenheimer says. The fight between the humans and HAL in a nutshell is the fight between the customers and the cloud provider. Humans reliance on the tools to survive in space is almost their undoing, and reliance on cloud services can similarly be a firms undoing.
Reliance on cloud vendors security has led to a number of high profile breaches. In March, marketing service provider Epsilon
reported a massive breach of its systems
that led to more than 100 large companies -- including such giants as Citibank, JPMorgan Chase and Walgreens -- sending out warnings to their customers.
Dropbox is another example. Individuals can put
business-sensitive data
into the cloud storage service, where anyone with access to the server could potentially read the file because it uses a central encryption key. While the design of the cloud service allows third partys to access their users accounts to offer interesting services, it also leaves the data much less secure than a system that encrypted the data before sending it into the cloud, Ottenheimer says.
A number of companies are providing encryption services to secure data inside the cloud.
CloudSwitch
, for example, allows companies to run their software and store their data in a private or public cloud in its own encrypted network. Another company, CipherCloud, allows companies to use other services, such as Salesforce.com, but encrypt their data.
Companies are really helped ... by just thinking out how to protect their data, says Varun Badhwar, vice president of business development for CipherCloud, a security provider. Once they have figured data protection out, then they are better off, because their cloud applications can be used the way they want to.
For companies that want to roll their own solution, turning to encryption standards such as the Symmetric Key Services Markup Language (SKSML) can help secure data before shipping it off to a cloud providers facility.
Ottenheimer stresses that cloud services themselves are very useful, but the ones that require a company to give up securing its data are dangerous. You can centralize everything, as long as you dont give up control, he says.
Have a comment on this story? Please click Add Your Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Putting Data In The Cloud? Retain Control