Do you really know who else is sharing your cloud platform, who has access to it, and how to secure the data kept there?
As we will discuss in an upcoming blog, there are several different flavours of cloud. To keep things simple, we’ll stick to the idea of a Public Cloud (i.e. one accessible by anyone, freely or by paying for access); you’ll see that the idea is, in principle, applicable to most cloud platforms.
In the example of AWS – one of the most widely used platforms – you can easily spin up a new VM to do your bidding in a matter of minutes.
Once done, who knows what security controls are in place?
It’s the same as any other system on a network. It requires securing. It’s on a “private” network address range and is typically accessed via the public internet over HTTPS, or perhaps even SSH – secure protocols for its management, certainly. But what may not be secure is the “private” side of the network – are there other systems owned or used by other people in “your” cloud? You simply don’t know!
In other words, that private subnet of the public cloud may be accessible to anyone and everyone who has access to any system on that network! Would you leave any other systems open on a network used by other unknown people? I’d expect the answer to be an emphatic, loud and distinctly un-cloudy “NO!”
Those systems must be secured as effectively as any you leave exposed to the internet at large: Firewalls, Network IPS, Host IPS, Encryption, Strong Authentication for access, and so on…
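One way to apply the "private is not trusted" point to firewall rules, as an added example that is not part of the original post: a small audit that reports ingress rules open to a whole private range alongside rules open to the internet. The rule layout follows the shape of AWS security group `IpPermissions` entries; the group IDs and rules are constructed sample data, and the /24 threshold is an assumption.

```python
import ipaddress

# RFC 1918 ranges: "private" addressing, not a trust boundary.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MIN_PREFIX = 24  # assumption: a source wider than /24 is treated as over-broad

def classify(cidr):
    """Return 'internet', 'broad-private', or None for a tightly scoped source."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.prefixlen == 0:
        return "internet"
    in_private = any(net.subnet_of(r) or r.subnet_of(net) for r in RFC1918)
    if in_private and net.prefixlen < MIN_PREFIX:
        return "broad-private"
    return None

def audit(groups):
    """Return (group_id, ports, cidr, finding) for every over-broad ingress source."""
    findings = []
    for g in groups:
        for perm in g.get("IpPermissions", []):
            if perm.get("IpProtocol") == "-1":   # "-1" means all protocols and ports
                ports = "all"
            else:
                ports = f"{perm.get('FromPort')}-{perm.get('ToPort')}"
            for r in perm.get("IpRanges", []):
                kind = classify(r["CidrIp"])
                if kind:
                    findings.append((g["GroupId"], ports, r["CidrIp"], kind))
    return findings

# Constructed sample rules (hypothetical group IDs), not taken from a real account.
SAMPLE_GROUPS = [
    {"GroupId": "sg-example-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
    ]},
    {"GroupId": "sg-example-db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "10.0.12.0/28"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "172.16.0.0/12"}]},
    ]},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_GROUPS):
        print(finding)
```

The SSH rule open to `10.0.0.0/8` and the all-protocols rule open to `172.16.0.0/12` are reported next to the internet-facing rule, while the database rule scoped to a /28 is not.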