{"id":2183,"date":"2020-01-09T01:26:48","date_gmt":"2020-01-09T01:26:48","guid":{"rendered":"http:\/\/kusuaks7\/?p=1788"},"modified":"2024-01-29T14:30:19","modified_gmt":"2024-01-29T14:30:19","slug":"cloud-moving-to-the-cloud-security-concerns","status":"publish","type":"post","link":"https:\/\/www.experfy.com\/blog\/bigdata-cloud\/cloud-moving-to-the-cloud-security-concerns\/","title":{"rendered":"Cloud: Moving to the Cloud. Security Concerns"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"2183\" class=\"elementor elementor-2183\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-10507917 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"10507917\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-11d8b333\" data-id=\"11d8b333\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-7c54e756 elementor-widget elementor-widget-text-editor\" data-id=\"7c54e756\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<b><i>83 percent of enterprise workloads will be in the cloud by 2020, Forbes <\/i><\/b><a href=\"https:\/\/www.forbes.com\/sites\/louiscolumbus\/2018\/01\/07\/83-of-enterprise-workloads-will-be-in-the-cloud-by-2020\/#40f297ed6261\" rel=\"noopener\"><b><i>says<\/i><\/b><\/a><b><i>. Along with that, 66 percent of IT professionals claim that their biggest concern related to the adoption of cloud computing services, is security. What do you as a cloud customer can do to protect your business? Read our article below for the details.<\/i><\/b>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-77de8d6 elementor-widget elementor-widget-text-editor\" data-id=\"77de8d6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tPicture an imaginary situation in which Marc Lucky is the key figure. Marc Lucky is a Chief Information Officer (CIO) at the Wonderful Big Company, LTD (WBC). The WBC has been offering high-quality business software for years and now it\u2019s considering a new niche, a Software as a Service (SaaS). The industry is growing by leaps and bounds: as Marc has found from the IDC\u2019s study, SaaS will account for about 60 percent of public cloud spending by 2020. Gaining new customers by providing high-quality in-demand services will bring new revenues for the WBC. Marc\u2019s company will stick to its core competency (i.e. business software), and a Cloud Service Provider (CSP) will assist the WBC with hosting solutions, namely Infrastructure as a Service (IaaS). However, what may seem a lucrative offer on paper, when being implemented, poses new grave challenges for the WBC. For Marc, in particular, it is cybersecurity threads that clouds carry in themselves, as 66 percent of IT professionals claim that their biggest concern related to the adoption of cloud computing services, is security.\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5117ef6 elementor-widget elementor-widget-text-editor\" data-id=\"5117ef6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tIf stakes are so high, why take the risks at all? As it happens, using cloud computing services is as beneficial as it is risky.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7bbbcab elementor-widget elementor-widget-text-editor\" data-id=\"7bbbcab\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tCaaS offers:\n<ul>\n \t<li>Rapid scalability;<\/li>\n \t<li>Pay as you go capabilities;<\/li>\n \t<li>Extensive resource availability.<\/li>\n<\/ul>\nThus, to take well-balanced decisions, Marc indulges into a thorough risk assessment campaign.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7c7388a elementor-widget elementor-widget-heading\" data-id=\"7c7388a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\"><h2>Spooky stories to tell in the dark<\/h2><\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0de4881 elementor-widget elementor-widget-text-editor\" data-id=\"0de4881\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tMarc starts from studying failures.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-084504f elementor-widget elementor-widget-text-editor\" data-id=\"084504f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tPlain as it may seem, learning from others\u2019 failures may save you many troubles. There\u2019s nothing disreputable in taking notice of big players\u2019 mistakes. This statement is backed by Rich Petersen, co-founder and president of JetStream Software, commenting on <a href=\"https:\/\/en.wikipedia.org\/wiki\/Cisco_Meraki\" rel=\"noopener\">Cisco\u2019s data loss incident<\/a>. \u201cOur focus is on the loss of data, so we see important lessons in incidents like the Meraki data loss in August of 2017, when on-premises systems failed to backup data to the cloud service as it was designed to do,\u201d \u2013 he says.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4834169 elementor-widget elementor-widget-text-editor\" data-id=\"4834169\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tDXC\u2019s is the next <a href=\"https:\/\/www.theregister.co.uk\/2017\/11\/14\/dxc_github_aws_keys_leaked\/\" rel=\"noopener\">case to consider<\/a>. A DXC programmer involuntarily uploaded the company\u2019s private AWS keys to Github. The resulting breach incurred the company over $64,000 in loss before it was fixed.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5df0043 elementor-widget elementor-widget-text-editor\" data-id=\"5df0043\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tCloud provider Nirvanix <a href=\"https:\/\/www.information-age.com\/failed-cloud-storage-provider-nirvanix-files-for-bankruptcy-123457390\/\" rel=\"noopener\">went bankrupt in 2013 <\/a>and gave its former customers two weeks to retrieve their data before the company shut down its servers. Many of the affected companies managed to do the things in time, although some SME customers had too much data stored on Nirvanix\u2019 servers to cope with the task. Later on, Nirvanix went into the arrangement with IBM and offered its former customers to shift their data via high-speed connection. However, this was the only option available, and for those former Nirvanix\u2019 customers willing to make use of Google\u2019s, Microsoft\u2019s or Amazon\u2019s services or switch to any other provider, Nirvanix rendered no assistance whatsoever.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-bc7aa35 elementor-widget elementor-widget-heading\" data-id=\"bc7aa35\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\"><h2>From words to actions<\/h2><\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-eb68ee1 elementor-widget elementor-widget-text-editor\" data-id=\"eb68ee1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tThe mentioned above cases take up only a page in the solid volume of cloud crashes. Once a potential CSP\u2019s customer realizes that being on a cloud is not a \u2018one time drop and forget\u2019 process, he\/she starts doing extra to reinforce his\/her data security. In his <a href=\"https:\/\/www.infoq.com\/articles\/improving-cloud-security\" rel=\"noopener\">article<\/a>, Sam Bocetta, independent journalist and security analyst, recommends conducting on-prem audits before deploying security measures. Hence, Marc\u2019s next step is to scrutinize his own company\u2019s premises, i.e. software, hardware, storage. This will help Marc take a well-informed security solution based on his company\u2019s strengths and weaknesses.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2e1b84f elementor-widget elementor-widget-text-editor\" data-id=\"2e1b84f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tThus, Marc is now well aware about his company\u2019s strengths and weaknesses and opts for specific security solution from a given CSP. Does it mean that cloud security issues will never touch upon the WBC? Time to party hard and rest on laurels? Ha. \u201cSecurity and Compliance is a shared responsibility between AWS and the customer\u201d, \u2013 that what AWS, a leading cloud computing services provider, says on the subject. Amazon articulates clearly how far its security efforts stretch (see the table below or study the details <a href=\"https:\/\/aws.amazon.com\/compliance\/shared-responsibility-model\/?nc1=h_ls\" rel=\"noopener\">here<\/a>). It means Marc still has a lot on his plate.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d251f62 elementor-widget elementor-widget-heading\" data-id=\"d251f62\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\"><h3><em>Identity and access management<\/em><\/h3><\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7ea19d0 elementor-widget elementor-widget-text-editor\" data-id=\"7ea19d0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tAnyone wishing to gain access to the airport\u2019s security system could buy the privileged credentials on the Dark Web for as much as $10 last year, according to <a href=\"https:\/\/www.forbes.com\/sites\/louiscolumbus\/2018\/08\/21\/protecting-your-company-when-your-privileged-credentials-are-for-sale\/#85bd70c80412\" rel=\"noopener\">McAfree<\/a>. Forewarned is forearmed, an old proverb says. Therefore, Marc chooses to be proactive in ensuring the WBC\u2019s security. First thing on his to-do list is to arrange a reliable <a href=\"https:\/\/www.sciencedirect.com\/science\/article\/pii\/S2215098617316750\" class=\"broken_link\" rel=\"noopener\">identity and access management<\/a> in cloud environment. Hence, to reinforce the protection of the WBC\u2019s systems, Marc can introduce numerous authentication options and cloud and security solutions. He is free to deploy a single authentication mechanism (log-on credentials, multi factor authentication, third-party authentication, simple text passwords, 3D password objects, graphical passwords, biometric authentication, digital device authentication) or leverage the combination of the listed mechanisms.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-87fd725 elementor-widget elementor-widget-heading\" data-id=\"87fd725\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\"><h3><em>Better visibility<\/em><\/h3><\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d477945 elementor-widget elementor-widget-text-editor\" data-id=\"d477945\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tNext to do is gain a better visibility of cloud services and data. Marc is pretty knowledgeable about the tools and technologies that can provide a 360-degree view of his company\u2019s cloud environment. These may be <a href=\"https:\/\/aws.amazon.com\/cloudwatch\/\" rel=\"noopener\">Amazon CloudWatch<\/a> for the AWS clients. <a href=\"https:\/\/www.riverbed.com\/blogs\/AppInternals-AppResponse-Integration-for-Unified-Monitoring.html\" class=\"broken_link\" rel=\"noopener\">Riverbed\u2019s AppResponse and AppInternals<\/a> are great third-party tools that can be deployed in the cloud. <a href=\"https:\/\/www.gigamon.com\/company\/news-and-events\/newsroom.html\" rel=\"noopener\">Visibility Platform<\/a> by Gigamon\u2019s ensures even down to a packet-level visibility. Greater visibility will allow the WBC to react to incidents faster and gain higher confidence in embracing transformative cloud services. Now Marc\u2019s informed what the WBC\u2019s data goes to the cloud and where it is stored.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-20ec4ae elementor-widget elementor-widget-heading\" data-id=\"20ec4ae\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\"><h3><em>Data encryption<\/em><\/h3><\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4668516 elementor-widget elementor-widget-text-editor\" data-id=\"4668516\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tCSPs often ensure adequate data encryption. Although, however trustworthy the CSP may be, Marc is going to deploy a sophisticated encryption solution before sending data to the cloud. The encryption keys will be kept on a separate server or a storage block, with a keys backup located offsite for safety purposes.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4f2ca65 elementor-widget elementor-widget-text-editor\" data-id=\"4f2ca65\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tHowever, there should be a distinction between the corporate data requiring encryption and the data that can be very well stored in plain text. With this regard, Marc establishes clear rules for information classification and informs thereof all the IT staff provided with an access to the cloud.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c0c07d9 elementor-widget elementor-widget-heading\" data-id=\"c0c07d9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\"><h3><em>Staff coaching<\/em><\/h3><\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-daf0d2a elementor-widget elementor-widget-text-editor\" data-id=\"daf0d2a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tHowever cautious management can be, ensuring security is a company-wide objective. That means that all the personnel should undergo relevant security coaching. For the <a href=\"https:\/\/www.qulix.com\/services\/custom-software-development\/\" class=\"broken_link\" rel=\"noopener\">developers<\/a> and IT staff it can be <a href=\"https:\/\/www.greycampus.com\/blog\/information-security\/owasp-top-vulnerabilities-in-web-applications\" rel=\"noopener\">OWASP Top 10<\/a> or <a href=\"https:\/\/cloudsecurityalliance.org\/working-groups\/cloud-controls-matrix\/#_overview\" rel=\"noopener\">Cloud Controls Matrix<\/a>, while for a non-IT staff Marc is going to arrange relevant courses such as <a href=\"https:\/\/www.kaspersky.com\/enterprise-security\/cybersecurity-awareness\/demo\" rel=\"noopener\">Employee Skills Training Platform<\/a> by Kaspersky lab or <a href=\"https:\/\/www.dalimited.com\/cyber-security-fundamentals-for-non-it-staff\/\" rel=\"noopener\">Cyber-Security Fundamentals For Non-IT Staff<\/a> by Digital Assure Limited, etc. Along with formalized quarterly training, security team will employ constant reminders for the WBC\u2019s employees, thus reducing the risk of malware in a cost-effective manner.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9ce37d0 elementor-widget elementor-widget-heading\" data-id=\"9ce37d0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">\n<h3><em>Automation<\/em><\/h3><\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-439ef16 elementor-widget elementor-widget-text-editor\" data-id=\"439ef16\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tBesides adding a bit of the responsibility burden, will the WBC\u2019s people be otherwise affected by deploying cloud computing services? Largely, things will stay the same for the professionals engaged in the company\u2019s core competency. Moving to the cloud will demand as much learning from them as mastering a new framework. For the information security staff, however, ensuring the network stability will imply adding more automation to the processes. The less human element is left, the fewer incidents can be expected. \u201c<em>Automation, once perfected, never deviates from the rules that have been defined; therefore, they never miss a step or leave a door open,\u201d- <\/em>Sam Bocetta highlights.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-19af131 elementor-widget elementor-widget-heading\" data-id=\"19af131\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\"><h3><em>Talent acquisition<\/em><\/h3><\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-82597fb elementor-widget elementor-widget-text-editor\" data-id=\"82597fb\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tAnd surely, automation yields best results if orchestrated by an experienced cybersecurity expert. However, to find one has become a real challenge for many companies. According to <a href=\"https:\/\/cybersecurityventures.com\/jobs\/\" rel=\"noopener\">Cybersecurity Ventures<\/a>, there will be 3.5 million unfilled cybersecurity positions by 2020.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-914b943 elementor-widget elementor-widget-text-editor\" data-id=\"914b943\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\u201cShould you come by an adequately trained specialist, grab and hold him\/her,\u201d \u2013 Marc says to the HR team. He will never regret this decision later on.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6b46a50 elementor-widget elementor-widget-heading\" data-id=\"6b46a50\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\"><h3><em>Penetration testing<\/em><\/h3><\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5b6e454 elementor-widget elementor-widget-text-editor\" data-id=\"5b6e454\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tHopefully, in case Marc is hesitant whether he made his every best effort to protect his system, he can double-check it, say, through penetration testing. Penetration testing will disclose hidden flaws and vulnerabilities of the system under test, thus, allowing the hosting company to get better prepared for real life attacks. At the same time, for multitenant clouds, i.e. those shared by multiple companies, pentesting should be performed in compliance with the restrictions posed by the CSP. In other words, Marc can pentest the WBC\u2019s system only to the extent that other companies\u2019 data is not affected, as allowed by the provider. See the pentest requirements of <a href=\"https:\/\/www.microsoft.com\/en-us\/msrc\/pentest-rules-of-engagement?rtc=1\" rel=\"noopener\">Microsoft Azure<\/a> or <a href=\"https:\/\/docs.aws.amazon.com\/govcloud-us\/latest\/ug-west\/pen-testing.html\" rel=\"noopener\">AWS<\/a> as an example.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-dbf6fb0 elementor-widget elementor-widget-heading\" data-id=\"dbf6fb0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\"><h2>Summing it up\u2026<\/h2><\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1a0e59a elementor-widget elementor-widget-text-editor\" data-id=\"1a0e59a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tIn the end, if Marc Lucky, the WBC\u2019s CIO, was a real figure, he would do much more to ensure his company\u2019s data is safe once moved to the cloud. Surprisingly, many cloud players do not consider performing even the minimum requirements mentioned above. Keep in mind, that a cloud provider may fence its liability for any possible data breach and will do it legally. A lengthy servicing contract is all too often excessively boring to study. Thus, there are many issues that in your opinion should be covered by the cloud provider. In reality, they are entirely your responsibility. A good piece of security and compliance is exactly the case.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>One should do much more to ensure his company&rsquo;s data is safe once moved to the cloud. Surprisingly, many cloud players do not consider performing even the minimum requirements. Keep in mind, that a cloud provider may fence its liability for any possible data breach and will do it legally. A lengthy servicing contract is all too often excessively boring to study. Thus, there are many issues that in your opinion should be covered by the cloud provider. In reality, they are entirely your responsibility. A good piece of security and compliance is exactly the case.<\/p>\n","protected":false},"author":698,"featured_media":3287,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[187],"tags":[95],"ppma_author":[3501],"class_list":["post-2183","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bigdata-cloud","tag-big-data-amp-technology"],"authors":[{"term_id":3501,"user_id":698,"is_guest":0,"slug":"alexey-makarov","display_name":"Alexey Makarov","avatar_url":"https:\/\/www.experfy.com\/blog\/wp-content\/uploads\/2020\/04\/medium_ee23845e-a8b2-4dc8-9659-718f224ef1d8-150x150.jpg","user_url":"https:\/\/www.qulix.com\/","last_name":"Makarov","first_name":"Alexey","job_title":"","description":"Alexey Makarov is the CEO and the Co-Founder of\u00a0<a href=\"https:\/\/www.qulix.com\/\" target=\"_blank\" rel=\"noopener\">QULIX SYSTEMS<\/a>, a large-scale software company. With his passion for technologies, he is a major advocate of building cutting-edge digital solutions. He is an official member of the\u00a0<a href=\"https:\/\/profiles.forbes.com\/members\/tech\/profile\/Alexey-Makarov-CEO-Founder-Qulix-Systems\/1612c041-8c4c-42e0-b6fe-1e0813b2fce6\">Forbes Technology Council<\/a>."}],"_links":{"self":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/2183","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/users\/698"}],"replies":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/comments?post=2183"}],"version-history":[{"count":8,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/2183\/revisions"}],"predecessor-version":[{"id":35733,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/2183\/revisions\/35733"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/media\/3287"}],"wp:attachment":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/media?parent=2183"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/categories?post=2183"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/tags?post=2183"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/ppma_author?post=2183"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}