Vince has arranged a seminar with our customers with the topic cloud and security.
Carl Bretteville, system architect at Sicra, gave us a presentation on security with and without cloud solutions. Cloud systems for the most part have the same security requirements as a traditional IT environment. The same security principles as before are still valid and there must be commitment throughout the hole organization.
Be careful with exposing things on the internet. There is no reason to make databases, RDP or the Docker portal available for the whole world to download on demand (Docker is a tool designed to make it easier to create, deploy, and run applications by using containers that run on Linux).
Many organizations lack knowledge on how to securely set up and operate systems and technology. Simultaneously, uploading data to the cloud is easy. This makes it easy for hackers to get access to data they should never have access to. Invest in knowledge, invest in your team and make sure to follow up. The organization is responsible for what’s being uploaded to the cloud and you cannot expect AWS`s security team to be your security team. Patch everything, always. And most importantly: Do not put something on the internet you do not understand.
We also had a presentation from Plantasjen. The company has taken 70- 80 % of its business into cloud-based solutions. To tell us more about this journey we had a presentation from IT- director Olav Fyldeng and IT- architect Espen Gylterud. They told us about their cloud solution and what to consider when migrating to the cloud in terms of security.
Understanding the new era of cybercrime is crucial. Cybercrime is a global threat and trade of state secrets, data information and industrial espionage is a billion-dollar business for hackers. These hackers are done with targeted attacks and with advanced persistent attacks. The attacks now happen to websites, our mobile phones and emails. All of us are constantly under attack, and we must take these attacks seriously. For this reason, you should on a regular basis detect and clean up viruses, identify email theft attempts and be aware of mobile device malware and phishing attempts.
Migration to cloud-based systems makes new threats possible:
• Misconfiguration. Misconfigured services provide an open gate for hackers.
• Crypto miners target the clouds infrastructure in order to exploit the vast computational power it presents. This generates huge profits for cyber criminals.
• APi`s used to manage, interact and extract information from services are also targets.
• The complexity of cloud architectures increases attack surfaces.
• A common method to attack clouds is hijacking email accounts belonging to individuals or organizations.
• Malware delivery true propagation, especially through in-app file sharing services.
• Data leakages may occur, intentionally or unintentionally, when sharing information with cloud services.
There are three main reasons in the cloud:
1. Software as a Service (SsaS), responsible for nearly all the security, since the cloud user can only access their use of applications.
2. Platform as a Service (PaaS), responsible for the security of the platform, while the consumer is responsible for everything they implement on the platform. They are also responsible for configuring any offered security features.
3. Infrastructure as a Service (Laas). Just like PaaS, the provider is responsible for basic security, while the cloud user is responsible for everything they build on the infrastructure.
“There is no cloud, it`s just someone else’s computer”
“Zero trust is the goal”
We had a fantastic event with our customers, and we are grateful for everyone who could participate to make this a great educational evening.