📜 ⬆️ ⬇️

Hackers do not consider “clouds” sufficiently secure.


At the last conference of Defcon hackers, guys from Fortify Software conducted a survey among the participants of this conference. About 100 hackers were interviewed, and the purpose of the survey was to find out what the conference participants thought about security in a “cloud” environment. Interesting results came out - 96 participants, that is, 96% of the respondents answered that they consider such platforms very attractive, “opening up new opportunities”. In addition, survey participants responded that they consider the efforts of the manufacturers of “cloud” software and equipment to ensure the security of their products to be insufficient.

45% of respondents answered that they had already experienced “clouds” for strength, having found various vulnerabilities. And although only 12% responded that they would actively look for opportunities to “monetize” such vulnerabilities (read, steal information and users' money), this is quite a significant percentage when you consider how many companies have switched and switch to the distributed computing platform. Of course, it is worth considering the fact that not all hackers openly admit (albeit in an anonymous survey) in their intention to enrich themselves in a similar way.
But an earlier survey conducted by Gartner shows that 20 percent of the surveyed companies are going to store all their data in the “cloud”, only keeping from time to time copies of all the necessary information on external media.

Returning to the hackers interviewed, we note that 21% responded that they consider cloud services the most vulnerable. Of those hackers who have already tried these platforms for strength, 33 responded that they found vulnerabilities in the DNS, 16% responded that they had access to the log files, 12% were able to access the private data of cloud users.

Thus, the expert group that conducted the survey draws the attention of all manufacturers and hardware and software for the needs of cloud services to the need to double their attention in the field of security of their own products. Network security experts do not cease to repeat that the security systems need to be checked again and again, so that later it would not be excruciatingly painful for the mistakes made.

Source of

Source: https://habr.com/ru/post/102561/

All Articles