Hackers do not consider "clouds" sufficiently protected

    image

    At the last Defcon hacker conference, guys from Fortify Software conducted a survey among the participants in this conference. About 100 hackers were interviewed, and the purpose of the survey was to find out what conference participants think about security in a "cloud" environment. Interesting results were obtained - 96 participants, that is, 96% of respondents, replied that they considered such platforms to be very attractive, "opening up new opportunities." In addition, the respondents said that they consider the efforts of manufacturers of "cloud" software and equipment to ensure the safety of their products insufficient.

    45% of respondents said that they have already tested the "clouds" for strength, finding various vulnerabilities. And although only 12% said they would actively look for opportunities to “monetize” such vulnerabilities (read, steal information and user money), this is a rather significant percentage, given how many companies have switched and are moving to a distributed computing platform. Of course, it is also worth considering that not all hackers openly admit (albeit in an anonymous survey) their intention to enrich themselves in a similar way.

    But an earlier study by Gartner shows that 20 percent of the companies surveyed are going to store all their data in the cloud, only from time to time keeping copies of all the necessary information on external media.

    Returning to the hackers surveyed, we note that 21% said they considered cloud services to be the most vulnerable. Of those hackers who have already tried such platforms for strength, 33 responded that they found vulnerabilities in DNS, 16% replied that they had access to the log files, 12% were able to access the private data of users of the "clouds".

    Thus, the expert group that conducted the survey draws the attention of all manufacturers of hardware and software for the needs of cloud services to the need to double their attention in the field of security of their own products. Network security experts do not cease to repeat that security systems need to be checked again and again, so that later it will not be excruciatingly painful for the mistakes made.

    Source .

    Also popular now: