Gomboc.ai reposted this
Cloud Security Nightmare: Shared Responsibility Gone Wrong https://lnkd.in/gEXaV4bb

New research reveals a major security vulnerability in AWS’ Application Load Balancer. The issue? People weren't validating token signers, a common misstep in cloud setups.

This highlights a fundamental problem with the shared responsibility model: cloud providers often push the burden of security onto their customers. Keeping up with constant API changes and documentation updates is nearly impossible. Since cloud providers can’t see their customers’ environments, the burden falls to cloud consumers.

How can we ensure secure cloud environments when even minor configuration oversights can lead to major breaches?

To my friends in the security community:
- How do you help your companies (or customers) manage through these types of situations?
- Where do you feel the pain of mastering all of this cloud configuration knowledge?
- What could we do to make these types of situations more manageable?

It’s time to leverage AI to “RTFM” continuously for us and put information at the fingertips of practitioners to make our clouds efficient and secure.

#cloudsecurity #aws #sharedresponsibility #cybersecurity
In ALBeast, the separation of responsibilities between the developer codebase and the "infrastructure" is more than likely the root cause. It's a pretty classic story: both sides assumed they were secure and validating while neither side was. I see that narrow-viewed, not-my-problem mentality almost every day, and AI is just going to be another crutch for what is an ignorant behaviourism that needs to be fixed tbh. As a developer or anyone really, if you choose to build something in the cloud, you choose to operate and maintain it, and yes, you need some minimal level of understanding of it end to end. These are not boxed products you put on a shelf and forget about it because the fault isolation domain is a single customer. That's the problem that needs addressing.
It’s time to leverage AI to “RTFM” continuously for us and put information at the fingertips of practitioners to make our clouds efficient and secure. ^ YES
Well said!
Insightful!
CPO & Co-Founder @ Gomboc.ai | Leader | Customer champion | Coach | Architect | Driving innovation through people and technology
3 months ago
Link to the original URL of the Wired article: https://www.wired.com/story/aws-application-load-balancer-implementation-compromise/