惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

S
Schneier on Security
The Register - Security
The Register - Security
月光博客
月光博客
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
The GitHub Blog
The GitHub Blog
博客园 - 司徒正美
罗磊的独立博客
U
Unit 42
S
SegmentFault 最新的问题
Y
Y Combinator Blog
博客园_首页
Hugging Face - Blog
Hugging Face - Blog
J
Java Code Geeks
Schneier on Security
Schneier on Security
Know Your Adversary
Know Your Adversary
C
Check Point Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Simon Willison's Weblog
Simon Willison's Weblog
V
Vulnerabilities – Threatpost
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
阮一峰的网络日志
阮一峰的网络日志
The Hacker News
The Hacker News
博客园 - 叶小钗
C
Cybersecurity and Infrastructure Security Agency CISA
Spread Privacy
Spread Privacy
L
LINUX DO - 热门话题
T
The Exploit Database - CXSecurity.com
P
Palo Alto Networks Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Latest news
Latest news
L
Lohrmann on Cybersecurity
A
About on SuperTechFans
L
LangChain Blog
Stack Overflow Blog
Stack Overflow Blog
S
Securelist
A
Arctic Wolf
D
Darknet – Hacking Tools, Hacker News & Cyber Security
T
Threatpost
Scott Helme
Scott Helme
博客园 - 聂微东
博客园 - 【当耐特】
T
Tenable Blog
I
Intezer
D
DataBreaches.Net
B
Blog RSS Feed
Security Latest
Security Latest
C
Cisco Blogs
T
Tor Project blog
N
Netflix TechBlog - Medium

The Register - Off-Prem: PaaS + IaaS

AWS lets agents drive its virtual cloudy desktops Trump threatens UK with ‘big tariff’ over digital tech tax UK tribunal sends £2B claim accusing Microsoft of overcharging for licensing to trial £2B Microsoft licensing claim gets go-ahead from UK tribunal One of Europe's sovereign cloud picks may not be so-sovereign after all Europe picks 4 sovereign cloud providers, but one has Google Networks not ready for the challenges of AI traffic UK told its Big Tech habit is now a national security risk Commvault has a Ctrl+Z for rogue AI agents Amazon rejects AWS climate disclosure proposal Microsoft cuts cloudy desktop prices by 20 percent Google taps Intel for another round of custom network chips Nutanix thinks some Azure cloud desktops belong on-prem AWS would prefer to forget March in UAE region AWS would prefer to forget March in UAE region CMA dithers as Microsoft's cloud meter runs on your dime Microsoft startup credits are the gift that keeps on billing SAP's grand cloud escape plan €2B short of the runway Alibaba Cloud hikes prices by up to 34%, blames hardware costs and AI demand Alibaba Cloud lifts prices, blames AI and hardware costs Founder finds Azure startup credits don't apply to Claude Lloyds Banking Group apps play mix-and-match with customer transactions Oracle outage knocks TikTok offline for some US users Oracle outage knocks TikTok offline for some US users Bank of England says it can run £431M settlement system without Accenture AWS says drones hit two of its datacenters in UAE, urges users to move resources to different regions AWS says drones hit two of its datacenters in UAE Salesforce CEO 'SaaSquatch' Benioff says his company will monster the SaaSpocalypse Salesforce CEO declared victory over flagging software sales Former Amazon UK boss set to chair CMA Founder drops AWS for Euro stack in bid for sovereignty Founder drops AWS for Euro stack in bid for sovereignty FTC to investigate Microsoft's cloud and AI dominance FTC to investigate Microsoft's cloud and AI dominance Oracle suits up for Air Force Cloud One program with $88M contract Europe set to treble sovereign cloud investment Europe set to treble sovereign cloud investment Courts unplug from ancient datacenters after five-year slog MEP: 'The EU runs on Microsoft', Uncle Sam could turn it off Azure outages ripple across multiple dependent services Azure outages ripple across multiple dependent services Europe shrugs off tariffs, plots to end tech reliance on US Want digital sovereignty? That'll be 1% of your GDP into AI infrastructure please Microsoft Azure OpenAI Service takes an unscheduled day off in Sweden AWS's inevitable destiny: becoming the next Lumen AWS destiny: becoming the next Lumen 3 is the magic number for Alaska Airlines: triple redundancy Microsoft 365 outage drags on for nearly 10 hours GSA's VMware framework deal skips the actual hypervisor AWS flips switch on Euro cloud as sovereignty fears mount Meta reacts to power needs by signing long-term nuke deals UK urged to cut out US Big Tech for sake of digi sovereignty AWS raises GPU prices 15% on a Saturday Europe building an Airbus for the cloud age Oracle's new AI-enhanced support portal leaves users fuming Europe gets serious about cutting US digital umbilical cord Atlassian's DR simulation showed it lived in dependency hell UK govt seeks replacement for Post Office Horizon system Public cloud spending forecast to reach $591bn in 2023 Google to review every project after $6bn decline in profits Delta Airlines takes flight with Amazon Web Services Cloud infrastructure spend to top non-cloud in 2022 HPE Greenlake to power Taeknizon expansion in UAE Google's Dallas datacenter opens up new cloud region American Airlines decides to cruise into Azure's cloud Tencent happily parting ways with loss-making cloud customers DigitalOcean offers $4 VM while increasing prices Cloud spending will near $500 billion this year Tencent Cloud ends pursuit of 'revenue growth at all costs' IaaS is a lousy business, says Chinese web giant Tencent: PaaS and SaaS is how we’ll make money in the cloud UK government puts £750m on the table as it looks to deal directly with cloud providers Cloud now bigger than Dell, HPE, Lenovo, Cisco combined Oracle: Over here, look over here! At the cloud! No, not at our glum licensing numbers Oracle's Hurd says 95% of its software will be cloud services this year Pivotal fluffs up *sigh* Cloud Foundry *sigh* cloud for battle in the *sigh* cloud IBM throws open doors of XaaS supermarket Google offers up its own flesh to the world's braying cloud hordes Red Hat clutches OpenShift, takes platform cloud to second version Swish PaaS Bosh: Sons of VMware spin up Pivotal One cloud platform Google holds its nose, lets the hoi polloi run PHP on its shiny cloud Engine Yard loads Oracle tech into cloud platform Microsoft takes second run at platform cloud CYBORG CLOUD comes to VMware Amazon tightens grip on cloud market, report shows IBM pours WebSphere tech into Cloud Foundry cauldron Red Hat parachutes into crowded PaaS market Heroku publishes API for its platform cloud AppFog PaaS drops Rackspace IaaS Platform clouds can make enterprises all teeth and no tail Report: Amazon dominates global cloud spend Engine Yard plugs multiple IaaS players into back end Red Hat revs OpenShift Enterprise to 1.1 Platform clouds generating more noise than cash IBM adds platform services to SmartCloud Trevor Pott's guide to pricing up the cloud Red Hat answers Microsoft Azure with OpenShift dev cloud Infosmack tackles VMware's Cloud Foundry Why and when choose PaaS? PaaS potential and practicality The public cloud ... why bother?
McAfee says cloud security not as bad as we feared… it's much worse
2018-10-30 · via The Register - Off-Prem: PaaS + IaaS

SaaS

Quick takeaway: most everyone sucks at IaaS

The average business has around 14 improperly configured IaaS instances running at any given time and roughly one in every 20 AWS S3 buckets are left wide open to the public internet.

These are among the grim figures rolled out Monday by researchers with McAfee, who say that security practice has not kept up with the rapid adoption of cloud services.

The security giant conducted a study using around 30 million events logged by its own cloud custoemrs and found that companies are not keeping proper track of the cloud services they use and, as a consequence, are not properly securing them.

REG AD

According to McAfee, the average business uses around 1,900 cloud instances, but most of the companies they surveyed only thought they used around 30. It is no surprise, then, that many IaaS and PaaS accounts are not properly configured to limit what data can be accessed.

REG AD

Among the worst was Amazon's AWS S3. The storage bucket service has seen an epidemic of data alerts from researchers who uncovered improperly configured instances that contained sensitive corporate and customer personal information.

McAfee's findings showed that, in fact, it's a wonder we haven't seen more of these breaches. The report estimates that around 5.5 per cent of all AWS S3 storage instances are set to "world read," meaning anyone who knows the address of the S3 bucket would be able to see its contents.

"Despite the news over the past few years with so many public incidents of data exposure in open S3 buckets, this common but serious misconfiguration remains stubbornly unmoving," the report notes.

The report also finds that personal accounts are also woefully insecure. McAfee found that 92 per cent of companies have one or more credentials for sale on cybercrime markets and events involving either a compromised account or insider threat have increased by nearly 28 per cent over the last year.

"The majority of threats to data in the cloud result from compromised accounts and insider threats," McAfee noted. "80 per cent of organizations are going to experience at least one comprised account threat in the cloud this month."

The recommendations for companies are fairly straightforward: McAfee says companies should audit their cloud service configurations and map out where sensitive data is being stored.

From there, it is simply a matter of setting and maintaining access controls on that data, both from external access and from possible insider threats and stolen accounts.

Easier said than done. ®