Tech Crunch

Startup founders need to decide how much salary is enough

Startup founders don’t typically launch a company as a get-rich-quick scheme. Most know that it will be a long, hard slog if they are to succeed. There will be lean years where the money is tight, and where they may personally struggle to pay their
/
Google Image

Meet David Feinberg, head of Google Health

Dr. David Feinberg has spent his entire career caring for people’s health and wellbeing. And after years in the healthcare system, he now leads Google Health, which brings together groups from across Google and Alphabet that are using AI, product expertise and hardware to take
/

Cloud Security Risks

Does cloud security risks ever bother you? It would be weird if it didn’t. Cloud computing has a lot of benefits, but also a lot of risks if done in the wrong way.

So what are the most important risks? The European Network Information Security Agency did extensive research on that, and identified 35 risk categories. This analysis is used by a number of players in the industry, including certain banking regulators. From those 35, ENISA has selected 8 as the most relevant ones. This article explains them, not in any particular order. (And by the way: ENISA is pronounced as ‘eniesa’, not ‘enaiza’).

Cloud Security Risks

Loss of governance

As a cloud consumer you need to be sufficiently in control of your IT systems. If the cloud service agreement does not give you the proper tools, you have a problem. Example: you should be able to make a backup of your important data and get it out of the cloud provider system.

Lock-in

Can you move your data and processes from one provider to another? It will always take you effort, but how much? On the infrastructure level it may be fairly straightforward to move to a different provider, but it may be significantly more expensive to move to a different CRM (Customer Relationship Management) system. Don’t get too scared though; remember that most companies have gone through similar projects before there was cloud.

Isolation failure

Cloud computing, by definition, is about sharing resources: i.e. processing capacity. Now if one tenant (cloud word for customer) can influence another’s resources that is considered isolation failure. One example is starving a tenant of CPU power. Another is hacking into another tenant’s virtual machine (which is pretty hard, by the way). A third example is leaking information between tenants, which happened to DropBox a while ago.

Compliance risks

A lot of cloud consumers need to demonstrate that they take proper care of their data, for example because it contains credit card numbers. If your cloud provider does not help you with that, you are at risk.

Management interface compromise

This is another of those ‘risk-speak’ jargon expressions. You probably control your cloud usage through some portal over the internet, which potentially allows cloud security risks and a bad guy from anywhere in the world access.

Data protection

This is similar to compliance risks. Can you check that all data is handled in a lawful way? Are you sure that their back end providers do the same? Certification can go a long way towards demonstrating that, by the way.

Insecure or incomplete data deletion

You are asking your cloud provider to store your data safely, which they probably do by making multiple copies. Then you ask them to delete that same data. That might be hard, as it probably is on multiple disks that are shared with other customers, so they cannot simply shred the hard disks. This problem is not very unique to cloud by the way. You may have it with your own servers, printers and copying machines, all of which contain a lot of storage.

Malicious insider risks

In a cloud provider you have a number of people who may have extreme powers because they can look at all data. One well know ridesharing website had implemented and used a ‘God View’, in which one person could look at all the data.

If you are evaluating cloud solutions, it makes great sense to take a look at each of these eight risk categories first, to see how you and your cloud provider would be handling them. In enough cases cloud providers are demonstrably good enough at this, which you can find out by analyzing their documentation and reports.

More cloud security risks are elaborated in the CCSK (Certificate of Cloud Security Knowledge) body of knowledge. The ENISA research is part of that. For more information on that certification you can visit http://www.ccsk.eu.

Peter H.J. van Eijk

Peter HJ van Eijk

Peter HJ van Eijk develops and delivers cloud computing training programs. He has delivered these programs dozens of times in the US, Europe, Middle-East and Asia to a wide variety of participants.

He has worked for Deloitte Consulting, IT supplier EDS, internet providers, and at the University of Twente, where he received his PhD in 1988. He is a board member of the Dutch Cloud Security Alliance Chapter.

Peter is a certified trainer for CSA Certificate of Cloud Security Knowledge (CCSK), CompTIA Cloud Essentials, Virtualization Essentials and Cloud Technology Associate. He wrote these courses or contributed to them.

Data Visualization 101: How, What, Why?

Data Visualization 101: How, What, Why?

Data Visualization 101 “A picture is worth a thousand words.” This old, English idiom could not ring more true than ...
Leveraging machine learning models for predictive maintenance of network services

Leveraging machine learning models for predictive maintenance of network services

Leveraging machine learning models As per lightreading's service assurance and analytics research study conducted with 100+ network operators and service ...
Technology Cloud Contributor

IoT Data Centers – “We’ve Always Done IoT, We’re Just Terrible At Marketing It”

IoT Data Centers An often repeated phrase by many data center professionals is “We’ve always done IoT, we’re just terrible ...
GDPR Compliance: A Network Perspective

GDPR Compliance: A Network Perspective

GDPR Compliance Regulations can be a tricky thing. For the most part, they’re well thought out in terms of mandating ...
Slack

Slack to take unusual route to public markets, likely valuing it around $16 billion

/
NEW YORK (Reuters) - Slack Technologies, the fast-growing workplace messaging and communication platform, is poised for an unusual public listing on Thursday that will see it trade on the New ...
NYT

Hit by Ransomware Attack, Florida City Agrees to Pay Hackers $600,000

/
MIAMI — The leaders of Riviera Beach, Fla., looking weary, met quietly this week for an extraordinary vote to pay nearly $600,000 in ransom to hackers who paralyzed the city’s ...
IBM

IBM to win unconditional EU okay for $34 billion Red Hat deal: sources

/
BRUSSELS (Reuters) - U.S. tech giant International Business Machines Corp is set to secure unconditional EU approval for its $34 billion bid for software company Red Hat, people familiar with ...