Should we worry about the cloud? (Software & Configuration)
Post date: Dec 5, 2013 3:38:29 PM
In my previous post I mentioned about very bad hardware management. But I can also assure that using even properly managed IaaS or PaaS cloud won't fix the usual problems.
1. Total negligence of security basics
2. Using (manufacturers / software vendors) default passwords
3. Using same password for everything ,even if it's not 2.
4. If it works, it's correctly and securely configured
5. Nobody would try to hack our system anyway, so what does it matter
6. Lack of all kind of generic security related software updates for several years
7. Total technical lack of understanding how things work and how things could be made secure
I have covered ton of these areas in my blog. Using any cloud won't fix these issues. So what if cloud provider is ultra secure, if all users got full access to all areas and passwords are super bad, like users first name or so in lower case or company name or something silly like Password or the traditional 123456.
None of these things are new, and I have seen all of these in live environments.
As I mentioned, using or not using could, won't make such a big difference. But if you user properly managed cloud service, security is most likely to be better than without the cloud.
As summary, cloud isn't any miracle solution. It still needs all the normal security assessments, if those are made at all on any level.