Do you remember all the apprehension about cloud migration in the early days of cloud computing? Some of the concerns ran the full paranoia gamut from unreliability to massive overcharging for cloud services. Some concerns, such as the lack of security of the entire cloud infrastructure, rose to the level of conspiracy theories. It is nice to know that those myths are all behind us. 

Or are they?

FinConDX 2021

It seems that many of the earlier misconceptions have been replaced with new notions about the cloud. Some of the newer ideas focus on misconfigurations. Legitimately, recent posts about misconfiguration problems are cause for concern. However, this does not rectify the problem of some of the myths about cloud configurations.

Cloud Myth Busters

In an effort to remedy some of these myths, Tripwire has produced a white paper that seeks to debunk five common myths about cloud misconfigurations. To be clear, this does not mean that there is no such thing as a cloud misconfiguration.  For example, the old style of thinking that a firewall should block various inbound connections while allowing unfettered outbound access opens up a network to some of the easiest-to-perform reconnaissance-based attacks. There have also been enough cases of unsecured storage leading to compromised systems to demonstrate that security is still a primary concern.

On Solid Ground

Many myths take flight and have a remarkable way of catching on. Of course, the best way to combat bad information is with the correct information, bringing the myth to a soft landing into the appropriate mud pile where it can sink into oblivion. As the paper points out, there are plenty of legitimate problems that cost many companies a lot of money. Considering the reality, it makes sense that it is time to stand on solid ground (Read more...)