Cloud Data Security in a Multitenant World
(Credit: “Practical Cloud Security” Published by O'Reilly Media, Inc)

Cloud Data Security in a Multitenant World

Seth H. Seth H.

Seth H.

Sr. Solutions Architect | Experienced Cybersecurity Professional | Mentor and Volunteer

发布日期: 2023年2月1日
+ 关注

When discussing Cloud application and multi-tenancy security, I always refer to the Cloud Shared Responsibility Model. To this day, it still amazes me just how many people who create Cloud applications, or actually oversee securing these platforms, or are unwitting Data Owners or even Data Stewards when it comes to keeping their data safe on multitenant IaaS, PaaS platforms like AWS, Azure, Google Cloud, Oracle Cloud, etc.?

Too many people are under the misguided belief that once their organization’s data is safe once it’s within the confines of the Provider’s platform, there is nothing else that needs to be done to protect it, that the Provider will take care of it. This “ignorance is bliss” approach can have serious consequences. In this past year (2022) there have been over 40 Cloud Vulnerability events published!

The most recent being a vulnerability in IBM Cloud Databases for PostGres SQL where a bad actor could have used this vulnerability to remotely execute code in other Customer’s environments to read and modify data stored in their PostgreSQL databases. (Credit: Cloudvulndb.org)

In the instance above, the responsibility for Data Access Security is the Consumer’s responsibility in all 3 Architectures! If you or your organization had fallen victim to this multitenant vulnerability, then you (and your company/org.) are responsible for the aftermath that would have ensued.?

领英推荐

We have seen attacks on Cloud Provider multitenant platforms happen over and over again, and increasing in frequency and severity. What to do? How to be proactive when securing your data, applications, etc. on these multitenant platforms? Here are some ideas:

  • Understand the “Shared Responsibility Model”, especially when it comes to protecting your data in a Multitenant cloud platform. Don’t assume that your data/apps are safe just because they are sitting in a Provider’s platform!
  • Stay up to date on Cloud Provider and application vulnerabilities. Patch software immediately or as soon as possible. https://cloudvulndb.org is a great resource to try to stay ahead of these..
  • Have a clearly defined Data Governance framework where Data Owners, Stewards and Custodians understand their roles and responsibilities when it comes to safeguarding your crucial data, both at rest and in transit.

Thanks – and keep your data safe in the Cloud!

要查看或添加评论,请登录

Seth H.的更多文章

  • The Customer is always right!!
    2023年2月17日

    The Customer is always right!!

    Disclaimer: This content is the sole property of Seth Hammerman, and does not reflect any affiliation with my current…

    7 条评论
  • "The Saturday Job"
    2021年6月21日

    "The Saturday Job"

    The Saturday Job I was about 9 or 10 and it was a Saturday morning. Today would turn out to be a Saturday morning like…

    15 条评论
  • Why I traded Silicon Valley for "Philly-Con Alley"
    2017年6月25日

    Why I traded Silicon Valley for "Philly-Con Alley"

    If you like the term "Philly-Con Alley" then great, give me credit. If you don't, well, as they say in California…

    16 条评论
  • Reflections on RSA Conference 2017
    2017年3月24日

    Reflections on RSA Conference 2017

    I would like to build on Pradeep’s post about how the RSA show has changed through the years. Since its inception…

    6 条评论

社区洞察

其他会员也浏览了