FINAL WORD
“You need to deploy additional web application firewalls, network firewalls and implement encryption capabilities to mitigate your risks of being attacked and data being breached.”
Amazon has made several tools available
to make it easier for S3 customers to work
out who can access their data and to
help secure it. However, organisations still
need to use access controls for S3 that go
beyond just passwords, such as two-factor
authentication, to control who can log in to
their S3 administration console.
But to understand why these basic
mistakes are still being made by so many
organisations, we need to look at the
problem in the wider context of public
cloud adoption in many enterprises. When
speaking with IT managers that are putting
data in the cloud, it is not uncommon to hear
statements such as ‘there is no difference
between on-premise and cloud servers’. In
other words, all servers are seen as being part
of the enterprise IT infrastructure and they
will use whichever environment best suits
their needs, operationally and financially.
Old habits die hard
However, that statement overlooks one
critical point: cloud servers are much more
exposed than physical, on-premise servers.
For example, if you make a mistake when
configuring the security for an on-premise
server storing sensitive data, it is still
protected by other security measures by
default. The server’s IP address is likely to
be protected by the corporate gateway, or
other firewalls used to segment the network
internally and other security layers which
stand in the way of potential attackers.
In contrast, when you provision a server
in the public cloud, it is accessible to any
computer in the world. By default, anybody
can ping it, try to connect and send packets
to it, or try to browse it.
Beyond a password, it doesn’t have
all those extra protections from its
environment that an on-premise server has.
And this means you must put controls in
place to change that.
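As an added example (not from the original article), here is a defender-side check for the exposure described above: it flags firewall rules that admit the whole internet. It assumes AWS EC2 security groups exported in the JSON shape of `aws ec2 describe-security-groups`; the sample data, group IDs and the `ALLOWED_PUBLIC_PORTS` policy are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0example1", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
  {"GroupId": "sg-0example2", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0example3", "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]}
]}""")

# Assumption for this example: only HTTPS is meant to face the internet.
ALLOWED_PUBLIC_PORTS = {443}

def is_world_open(cidr):
    # A prefix length of 0 (0.0.0.0/0 or ::/0) matches every address.
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def port_label(perm):
    if perm["IpProtocol"] == "-1":  # "-1" means every protocol and port
        return "all traffic"
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    return f'{perm["IpProtocol"]}/{lo}' if lo == hi else f'{perm["IpProtocol"]}/{lo}-{hi}'

def find_exposed(groups):
    """Return (group id, port label, open CIDRs) for unintended public ingress."""
    findings = []
    for group in groups["SecurityGroups"]:
        for perm in group.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            open_cidrs = [c for c in cidrs if is_world_open(c)]
            lo, hi = perm.get("FromPort"), perm.get("ToPort")
            intended = perm["IpProtocol"] == "tcp" and lo == hi and lo in ALLOWED_PUBLIC_PORTS
            if open_cidrs and not intended:
                findings.append((group["GroupId"], port_label(perm), open_cidrs))
    return findings

if __name__ == "__main__":
    for gid, label, cidrs in find_exposed(SAMPLE):
        print(f"{gid}: {label} reachable from {', '.join(cidrs)}")
```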
These are not issues that the organisation’s
IT teams, who have become comfortable
with having all those extra safeguards of
the on-premise network in place, have to
regularly think about when provisioning
servers in the data centre. There is often an
assumption that something or someone
www.intelligentcio.com