Vince has arranged a seminar with our customers on the topic of cloud and security.
Carl Bretteville, the system architect at Sicra, gave us a security presentation with and without cloud solutions. Cloud systems, for the most part, have the same security requirements as a traditional IT environment. As before, the same security principles are still valid, and there must be commitment throughout the whole organization.
Be careful with exposing things on the internet. There is no reason to make databases, RDP, or the Docker portal available for the whole world to download on-demand (Docker is a tool designed to make it easier to create, deploy, and run applications by using containers that run on Linux).
Many organizations lack knowledge on how to set up and operate systems and technology securely. Simultaneously, uploading data to the cloud is easy. This makes it easy for hackers to get access to data they should never have access to. Invest in knowledge, invest in your team, and make sure to follow up. The organization is responsible for what’s being uploaded to the cloud, and you cannot expect AWS`s security team to be your security team. Patch everything, always. And most importantly: Do not put something on the internet you do not understand.
We also had a presentation from Plantasjen. Plantasjen has taken 70- 80 % of its business into cloud-based solutions. To tell us more about this journey, we had a presentation from IT- director Olav Fyldeng and IT- architect Espen Gylterud. They told us about their cloud solution and what to consider when migrating to the cloud in terms of security.
Understanding the new era of cybercrime is crucial. Cybercrime is a global threat, and the trade of state secrets, data information, and industrial espionage is a billion-dollar business for hackers. These hackers are done with targeted attacks and with advanced persistent attacks. The attacks now happen to websites, our mobile phones, and emails. All of us are constantly under attack, and we must take these attacks seriously. For this reason, you should regularly detect and clean up viruses, identify email theft attempts, and be aware of mobile device malware and phishing attempts.
• Misconfiguration. Misconfigured services provide an open gate for hackers.
• Crypto miners target the cloud infrastructure to exploit the vast computational power it presents. This generates huge profits for cybercriminals.
• API’s used to manage, interact, and extract information from services are also targets.
• The complexity of cloud architectures increases attack surfaces.
• A common method to attack clouds is hijacking email accounts belonging to individuals or organizations.
• Malware delivery true propagation, especially through in-app file-sharing services.
• Data leakages may occur, intentionally or unintentionally, when sharing information with cloud services.
There are three main reasons for the cloud:
1. Software as a Service (SaaS), responsible for nearly all the security since the cloud user can only access their applications.
2. Platform as a Service (PaaS), responsible for the platform’s security, while the consumer is responsible for everything they implement on the platform. They are also responsible for configuring any offered security features.
3. Infrastructure as a Service (Laas). Just like PaaS, the provider is responsible for basic security, while the cloud user is responsible for everything they build on the infrastructure.
“There is no cloud. It`s just someone else’s computer.”
“Zero trust is the goal.”
We had a fantastic event with our customers, and we are grateful for everyone who could make this a great educational evening.