Setup Post
  • Home
  • Business
  • Computers and Technology
  • Health
  • Services
  • write for us
  • contact
Sunday, July 6, 2025
No Result
View All Result
  • Home
  • Business
  • Computers and Technology
  • Health
  • Services
  • write for us
  • contact
No Result
View All Result
Setup Post
No Result
View All Result
Home Business

AWS: Multi-Tenancy Creates Confused Deputies

Setup Post by Setup Post
January 3, 2023
in Business, Computers and Technology
0
Share on FacebookShare on Twitter

Cloud data storage facilitates the efficient and fast transfer of data throughout the globe. The dominant companies offering third-party cloud storage, such as Microsoft and Amazon, have supported the growth and maturation of millions of businesses. The infrastructure at the heart of these services has the potential to cause untold damage, however. With cloud data security becoming ever more important to both industries and customers, it’s vital to take a proactive approach to your cloud storage security.

Efficient Storage – With a Budget Twist

The budget-friendliness of today’s cloud storage solutions make them particularly attractive to scaling businesses. By offering swathes of computing power on an as-you-need basis, the financial and administrative demands of the cloud are kept to a lean minimum. In essence, cloud providers offer pools of resources for their customers. The physical servers they operate may offer vast computing possibilities, but slicing this up in a flexible way demands clever architecture. A hypervisor is what divides these physical servers into millions of smaller virtual servers, abstracting the computing power into more efficient, smaller chunks.

From a software perspective, this is described as multi-tenancy architecture. The tenancy here is an analogy for externally-owned computing resources that can be switched and transferred at will. The benefits of this multi-tenant layout are numerous: sophisticated applications and large databases are able to be run immediately, enabling plug-and-play SaaS solutions, and allowing customers to save on storage, hardware, and CPU costs.

Fundamentally, multi-tenancy architecture is the beating heart of Database and Software as a Service. As the cloud has exploded in popularity, the cramming of multiple customers onto each virtual server has drawn slight concern from the more security-minded, however.

AppSync’s Deputy Issue

AppSync is a vital tool for drawing data from multiple connected AWS databases. It provides a robust interface for API production, supporting efficient data caching and easy endpoint creation. Thanks to AppSync’s ability to publish and query the data within a connected AWS database, it holds a fairly tenuous position within the security of an account. This sets the stage for a confused deputy problem – that is, when a less-privileged entity (an attacker kept out via authentication protocols) confuses a more-privileged entity (AppSync) into performing actions for the attacker’s benefit. To prevent this, AppSync was built with a failsafe: when creating a source for the API to pull from, the account name is checked against the database’s own account info.

However, researchers at Datadog Security Labs recently found and published a major flaw within this security protocol. Despite the check put in place, the researchers found that this check was vulnerable to malicious inputs. By manually feeding this function the Amazon Resource Name (ARN) of a different AWS account, AppSync could be tricked into assuming the access privileges of that unrelated account. This lends the attacker access to all resources under that account.

Allowing attackers access to once-protected databases is cause for major concern. Thankfully, AWS reacted with incredible swiftness when the researchers bought up the new exploit. Notifying the company on the 1st September, a patch was pushed to the AppSync service only five days later. Analyzing the impact of the newly-discovered vulnerability, Amazon analyzed all relevant logs, stretching back the service’s launch. AWS conclusively determined that the no customer accounts had become victim to this attack vector, and that the only accounts involved in this attack were those owned by the researchers.

Guaranteeing Cloud Security in 3 Phases

One of the benefits of the cloud is how simple and speedy its services are. Accelerated design and deployment have become a mainstay of DevOps; fantastic for innovation, but often considerably lacking in security. Sometimes, the need for speed can accelerate the creation of dire consequences. Instead of sacrificing speed and ease of use, purpose-built cloud-native security solutions offer security at pace.

Firstly, you can’t protect what you don’t know. Data governance is a rising issue, as cloud environments scatter databases hither and thither – meaning it’s also a key component of comprehensive, cloud-based security. The drift that naturally occurs as databases are created, deleted and cloned means that tracking every bit – no matter where it is, what data it consists of, and who is accessing it – has never been more difficult. Delivered as SaaS, modern data posture management can keep up with rapid deployment.

With data discovery handled, it’s now possible to start classifying said data. This automated process tags data according to its sensitivity, type, and value to the organization if altered or destroyed. This can occur through content, context or user info of each piece of data. By automatically assessing the ins and outs of each piece of data, it becomes possible to rank the risk following your organization’s own structure. The first benefit to this process is its ability to give organizations the most comprehensive overview of their risk level possible. Ultimately, however, this sets the foundation for the final phase of cloud security.

Once you’ve clarified what the data is, and which users can begin using said data, it becomes a lot easier to sniff out any instances of policy violation. This lends itself to top-notch authorization policies, with best practice and historical info helping establish who should have access to each level of sensitive data. Policy violation responses can be automated: for instance, if someone is suddenly attempting to transfer sensitive data outside the organization; or an account seeing suspicious behavior; the suspicious activity is terminated before a breach occurs.

With a security solution handling the three pillars of cloud security, your customers and industry partners are kept safe from profiteering cybercriminals and malicious actors.

Next Post

Beyond Borders: How Prepaid Virtual Cards Simplify International Purchases

Related Posts

Business

Top Online Slot Games You Should Try This Year

July 1, 2025
Business

SyntecBio’s AI Digital Biotech Day 2025

June 27, 2025
Business

Is It Too Late to Buy Bitcoin? Here’s What Experts Say

June 27, 2025
Business

Why More Players Choose Raja4D for Online Slot Entertainment

June 24, 2025
Business

Unleash Your Inner Icon: The Power of the Men’s Long Black Leather Trench Coat

June 17, 2025
Business

Real-world Use Cases of AI Agents in the Workplace

June 13, 2025
Next Post

Beyond Borders: How Prepaid Virtual Cards Simplify International Purchases

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Dr. Kamal Ranadive

Dr. Kamal Ranadive: Pioneering Researcher in Viral-Induced Cancers and Gender Equality in Science

April 4, 2023

Maximizing Your Gaming Experience with Slot Online

January 18, 2025

Duck Calls Decoded: Finding the Best Options for Successful Hunting in Colusa

November 16, 2023

Exploring Nutrition: Costco’s Chicken, Egg McMuffin, and 90-10 Ground Beef

December 29, 2023

The Role of CNC Machine Companies in Medical Device Production

September 3, 2024

Easy Tricks to Play Gates Of Olympus Slot Latest Gacor

December 4, 2023

The Ultimate Guide to Biomass Boiler Heating Systems in the UK

August 30, 2023

How to Pick the Best Slot Game for You

October 18, 2024

Why Math Skills Matter: Preparing for a Successful Future

August 17, 2024

Enhancing Office Spaces with Tintfit Window FilmsCreating an Ideal Office Environment

February 23, 2024

Mastering RIP City: Essential Tips for Winning at This Slot Game

October 11, 2024

The Hassle of Lost Car Keys in Nottingham: Solutions and Tips

March 4, 2024

The Cost-Effective Advantages of Installing a Retaining Wall for Your Yard

September 7, 2024

Knitted Hat vs. Beanie: Which Style Is Right for You?

June 9, 2024

Reinforce Your Driveway with Professional Hot Oil and Chipping

August 13, 2024

Unlocking the Benefits of Paycor Employer Login: A Comprehensive Guide

July 5, 2024

© 2021 Setup Post all rights reserved.

No Result
View All Result
  • Home
  • Entertainment
    • Gaming
    • Movie
    • Music
    • Sports
  • Lifestyle
    • Fashion
    • Food
    • Travel
    • Health
  • News
    • Bussiness
    • Politics
    • Science
    • World
  • Tech
    • Apps
    • Gadget
    • Mobile

© 2021 Setup Post all rights reserved.