Security (or lack thereof) in the Cloud
The case of sensitive Twitter documents being exposed due to a breach of an email account and access to the Google Documents application adds fuel the already discussion that is already approaching inferno status. I’ve heard two very different points of view on whether moving applications to the cloud will help or hinder security.
One side of the debate says that moving applications and data to the cloud is an extremely dangerous proposition. This group contends that putting applications and data in the cloud make it more accessible to the bad guys while assembling data from multiple organizations all in one place.
I absolutely see the point that moving to the cloud has certain risks and could create efficiencies for the bad guys (attacking one place instead of many).
My main worry with keeping data and applications out of the cloud is this: Having an individual instance of each organization’s data and applications sitting within each organization’s data center means the security and protection of those data and applications falls to the security employee/team of each organization. There are now millions of people/teams worldwide with the charter to protect the applications and data of their organizations. While almost all of these people are brilliant at what they do, I see a nightmare of keeping all of them up to date on best practices, system patches and updates, etc.
Taking the cloud scenario to its extreme, we see a type of efficiency that can be gained. When many organizations data and applications are all stored in one place, that place will absolutely have to be an expert at protecting that data and those applications, but it seems like it would be easier to protect a lot of things under one protocol than protecting many things, each in their own disparate environs.
My preference on this point may have something to do with my being control freak. When I think of all of the data and applications that need protecting, it’s easier for me to understand how to protect them if they are all in one place.
The debate on security of the cloud is currently raging. It would be great to hear some other viewpoints on this topic and see where my logic is flawed.
No comments yet.
Leave a comment
About
Silver Tail is leading the fight against business logic abuse with 3rd generation fraud prevention.
Hackers are no longer high school kids trying to one-up their friends or criminals trying to just break-in to sites. Instead, today’s sophisticated hacker is organized crime, strategically targeting websites, stealing billions of dollars from companies and their customers. Vendors providing web application security and intrusion prevention have forced hackers to become much more innovative in their means of attacking websites. These hackers now target the legitimate business logic of websites to perpetrate their fraud, including hijack threats, velocity attacks and gaming schemes. Silver Tail is using the deep domain expertise of its team to provide software that combat business logic abuse in real-time.
Silver Tail was founded by a team of fraud prevention experts who built anti-fraud and anti-phishing tools at eBay and PayPal. Through their experience and proprietary algorithms, they have built a system that is scalable, minimizes false positive rates, and is extremely flexible to adapt to changing attack vectors.
Feedburner
RSS Feed
-
Archives
- December 2009 (5)
- November 2009 (7)
- October 2009 (8)
- September 2009 (7)
- August 2009 (8)
- July 2009 (7)
- June 2009 (6)
- May 2009 (6)
- April 2009 (14)
- March 2009 (8)
- February 2009 (5)
- January 2009 (8)
-
Categories
- behavior analysis
- business logic abuse
- Business Logic Flaw
- Business Process Abuse
- Compliance
- Cost of fraud
- Data Loss
- Detection
- education
- Fraud
- Gaming
- General
- information security
- Investigation
- Man-in-the-Browser
- Online Fraud
- Payment
- Phishing
- Prevention
- risk management
- Social engineering
- Social Networks
- Trust
- Uncategorized
- web logic abuse
- Zeus
-
RSS
Entries RSS
Comments RSS
