Public Clouds & Shared Responsibility: Lessons from Vulnerability Disclosure

Much is made of shared responsibility for cloud security. But Oliver Tavakoli, CTO at Vectra AI, notes there’s no guarantee that Azure or AWS are delivering services in a hardened and secure manner.

The inexorable movement of data and applications to the cloud that began several years ago and accelerated during the pandemic shows no signs of slowing down. The rationale for this transformation is driven by a desire to outsource non-critical functions (building and maintaining data centers, running and patching standard software packages) and to achieve business agility (scaling up, the ability to rapidly shift focus in light of market conditions).

Some of this migration is to public clouds such as Amazon Web Services (AWS) and Microsoft Azure. These platforms have brought the notion of the “shared-responsibility model” to the fore, related to the security and compliance of the overall solution. In this article, I consider the public cloud shared-responsibility model through the perspective of some recent security vulnerabilities found in public-cloud platforms, and the ramifications they had on users.

Here’s a sneak peek at the conclusion: Cloud service providers are not necessarily great at hardening the software images they supply to companies.

The Shared-Responsibility Model

Read More: https://threatpost.com/public-clouds-shared-responsibility-vulnerability/175778/