Weekly CloudNews: The Confusion About Cloud Security

Welcome to this week’s edition of CloudBolt’s Weekly CloudNews!

Here are the blogs we’ve posted this week:

• Podcast | The Cloud Junkies | Episode 1: The Evolution of Cloud & the Founding of CloudBolt w/ Auggy da Rocha & Bernard Sanders
• IT Automation Secrets: Offer Self-Service IT as the Norm
• Multi-Cloud Management System: The Five Big Challenges It Solves

With that, onto this week’s news:

Cloud security is a shared responsibility. Where’s the confusion?

Samantha Shwartz, Cybersecurity Dive, March 15, 2021

“Ensuring the integrity and security of the cloud is a two-party responsibility. The Cloud Security Alliance defines the shared responsibility models as internal security teams owning apps, data, containers and workloads in the cloud while the CSP takes on the physical security of the cloud infrastructure. 

The heart of the shared responsibility model centers on humans and trust. Trust erodes when customers misunderstand what security measures fall under the CSP. More often than not, customers understand what’s expected of them, but confusion grows in the varying security requirements between infrastructure, platform and software cloud environments.” 

The cloud is green. Let’s get on with migration

David Linthicum, InfoWorld, March 12, 2021

“A new report from IDC shows that the continued growth of public cloud computing could prevent the emission of more than 1 billion metric tons of carbon dioxide (CO2) from 2021 through 2024.

Reduced power consumption and emissions means we’re basically doing more with less. The greater efficiencies from aggregated computing and storage resources are motivating enterprises to move from discrete corporate data centers to better utilized and shared resources in public clouds.”

Official: Executive Order to Address Cloud Security Through Procurement

Mariam Baksh, Nextgov, March 16, 2021

“The White House plans to double down on commercial cloud technology through an upcoming executive order in response to the massive hacking campaign that leveraged cloud services to gain broad access into the networks of several federal agencies.

In the so-called SolarWinds hack, perpetrators used a trojanized update of the network management company’s software as well as common techniques like password spraying to gain initial access into nine federal agencies and about a hundred companies. But they also exploited a weakness in Microsoft’s Active Directory Federation Service to jump to organizations’ cloud-hosted Office 365 accounts and move laterally to other parts of organizations’ systems.”

We’re here to help you anywhere on your hybrid and multi-cloud journey. Request a demo today.