The cybersecurity landscape has been substantially altered by organizations moving on-premise workloads to the cloud. Important to note though is that moving infrastructure, applications, and data to the cloud doesn’t mean that the responsibility for information security shifts from organizational personnel to the cloud provider.
As has been amply demonstrated by developers leaving cloud storage containers globally accessible, the security of a deployment in the cloud is as only as good as it is configured by the cloud tenant to be. Just as with on-premise information system security, the settings to secure workloads are present, but they must actually be configured by the information technology professionals responsible for those workloads.
For example, a cloud storage container used by a major US newspaper to host website code allowed read access to anyone in the world. Attackers used this access to inject coin mining code into the web pages delivered by the newspaper to its readers. Each time a reader visited the newspaper website, some cycles of their computer’s CPU worked on generating cryptocurrency for the attackers who had modified the contents of the cloud storage container.
Click HERE to learn more about Cybersecurity Training & Development Opportunities at Babbage Simmel or call (614) 481-6555.