Cloud use is at an all-time high, despite security worries. Last week’s ChaosDB vulnerability shows that enterprises need to adapt their security strategies and move to the zero-trust model and identity-based authentication.
The standard thinking on cloud security goes like this:
We’re giving up control over the infrastructure when we move to the cloud, but the providers, on average, do as good a job or better than we can manage on premises.
The cloud providers do nothing but cloud and can afford to invest more in security technology and personnel than the average company.
So we’re going to let the cloud providers handle the infrastructure, and we’ll worry about the stuff that’s our responsibility, like cloud configuration settings and application security.
But when a major cloud provider messes up on fundamental infrastructure security, should data center and IT professionals shrug their shoulders, reset security keys and move on? After all, Microsoft shut down the ChaosDB vulnerability within two days of finding out about it.
