Setup Post
  • Home
  • Business
  • Computers and Technology
  • Health
  • Services
  • write for us
  • contact
Wednesday, January 25, 2023
No Result
View All Result
  • Home
  • Business
  • Computers and Technology
  • Health
  • Services
  • write for us
  • contact
No Result
View All Result
Setup Post
No Result
View All Result
Home Business

AWS: Multi-Tenancy Creates Confused Deputies

Setup Post by Setup Post
January 3, 2023
in Business, Computers and Technology
0
Share on FacebookShare on Twitter

Cloud data storage facilitates the efficient and fast transfer of data throughout the globe. The dominant companies offering third-party cloud storage, such as Microsoft and Amazon, have supported the growth and maturation of millions of businesses. The infrastructure at the heart of these services has the potential to cause untold damage, however. With cloud data security becoming ever more important to both industries and customers, it’s vital to take a proactive approach to your cloud storage security.

Efficient Storage – With a Budget Twist

The budget-friendliness of today’s cloud storage solutions make them particularly attractive to scaling businesses. By offering swathes of computing power on an as-you-need basis, the financial and administrative demands of the cloud are kept to a lean minimum. In essence, cloud providers offer pools of resources for their customers. The physical servers they operate may offer vast computing possibilities, but slicing this up in a flexible way demands clever architecture. A hypervisor is what divides these physical servers into millions of smaller virtual servers, abstracting the computing power into more efficient, smaller chunks.

From a software perspective, this is described as multi-tenancy architecture. The tenancy here is an analogy for externally-owned computing resources that can be switched and transferred at will. The benefits of this multi-tenant layout are numerous: sophisticated applications and large databases are able to be run immediately, enabling plug-and-play SaaS solutions, and allowing customers to save on storage, hardware, and CPU costs.

Fundamentally, multi-tenancy architecture is the beating heart of Database and Software as a Service. As the cloud has exploded in popularity, the cramming of multiple customers onto each virtual server has drawn slight concern from the more security-minded, however.

AppSync’s Deputy Issue

AppSync is a vital tool for drawing data from multiple connected AWS databases. It provides a robust interface for API production, supporting efficient data caching and easy endpoint creation. Thanks to AppSync’s ability to publish and query the data within a connected AWS database, it holds a fairly tenuous position within the security of an account. This sets the stage for a confused deputy problem – that is, when a less-privileged entity (an attacker kept out via authentication protocols) confuses a more-privileged entity (AppSync) into performing actions for the attacker’s benefit. To prevent this, AppSync was built with a failsafe: when creating a source for the API to pull from, the account name is checked against the database’s own account info.

However, researchers at Datadog Security Labs recently found and published a major flaw within this security protocol. Despite the check put in place, the researchers found that this check was vulnerable to malicious inputs. By manually feeding this function the Amazon Resource Name (ARN) of a different AWS account, AppSync could be tricked into assuming the access privileges of that unrelated account. This lends the attacker access to all resources under that account.

Allowing attackers access to once-protected databases is cause for major concern. Thankfully, AWS reacted with incredible swiftness when the researchers bought up the new exploit. Notifying the company on the 1st September, a patch was pushed to the AppSync service only five days later. Analyzing the impact of the newly-discovered vulnerability, Amazon analyzed all relevant logs, stretching back the service’s launch. AWS conclusively determined that the no customer accounts had become victim to this attack vector, and that the only accounts involved in this attack were those owned by the researchers.

Guaranteeing Cloud Security in 3 Phases

One of the benefits of the cloud is how simple and speedy its services are. Accelerated design and deployment have become a mainstay of DevOps; fantastic for innovation, but often considerably lacking in security. Sometimes, the need for speed can accelerate the creation of dire consequences. Instead of sacrificing speed and ease of use, purpose-built cloud-native security solutions offer security at pace.

Firstly, you can’t protect what you don’t know. Data governance is a rising issue, as cloud environments scatter databases hither and thither – meaning it’s also a key component of comprehensive, cloud-based security. The drift that naturally occurs as databases are created, deleted and cloned means that tracking every bit – no matter where it is, what data it consists of, and who is accessing it – has never been more difficult. Delivered as SaaS, modern data posture management can keep up with rapid deployment.

With data discovery handled, it’s now possible to start classifying said data. This automated process tags data according to its sensitivity, type, and value to the organization if altered or destroyed. This can occur through content, context or user info of each piece of data. By automatically assessing the ins and outs of each piece of data, it becomes possible to rank the risk following your organization’s own structure. The first benefit to this process is its ability to give organizations the most comprehensive overview of their risk level possible. Ultimately, however, this sets the foundation for the final phase of cloud security.

Once you’ve clarified what the data is, and which users can begin using said data, it becomes a lot easier to sniff out any instances of policy violation. This lends itself to top-notch authorization policies, with best practice and historical info helping establish who should have access to each level of sensitive data. Policy violation responses can be automated: for instance, if someone is suddenly attempting to transfer sensitive data outside the organization; or an account seeing suspicious behavior; the suspicious activity is terminated before a breach occurs.

With a security solution handling the three pillars of cloud security, your customers and industry partners are kept safe from profiteering cybercriminals and malicious actors.

Previous Post

Get The Scoop On The Latest Trend: Knotless Braids

Related Posts

Business

Ethanol Prices Today, Price Chart and Forecast Analysis Provided by Procurement Resource

November 11, 2022
food truck finders
Business

What is Food Truck Finders and How to Get Listed

November 10, 2022
Business

Guidelines On Getting Root Canal Therapy

November 8, 2022
Business

Storytelling: A Highly Effective Way to Increase Your Sales

November 3, 2022
Business

Orthodontics Market: Orthodontics To Grow at 16.5% CAGR During 2021-2028

November 3, 2022
Business

Surgical Sutures Market: Surgical Sutures To Grow at 5.8% CAGR During 2021-2028

November 3, 2022

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

PPC Campaign

How to Run a Successful PPC Campaign To Boost Sales?

February 8, 2022
Foods that contain cholesterol are Bad For Your Heart Health

Foods that contain cholesterol are Bad For Your Heart Health

May 27, 2022
best magento 2 extension

Top Magento 2 Plugins in 2022

August 30, 2022

Top Tips For Choosing The Right Digital Marketing Agency

June 14, 2022

Global Solar Panel Recycling Market To Be Driven By The Rising Installation Of Solar Panels In The Forecast Period Of 2022-2027

May 13, 2022
IVG Bar

Vape juice contains exactly what? IVG bar

October 5, 2022
the Corporate Insolvency Resolution Process

All You Need to Know About the Corporate Insolvency Resolution Process

May 6, 2022

Flight apps

June 27, 2022

Things to Consider Before You Study in Australia

October 7, 2022

Snapchat Tips: The Complete Guide

August 5, 2022

How to Delete Your Twitter account

July 18, 2022

21 Nutrition Tips for Better Health and Longevity

April 30, 2022

Top Bathroom House Cleaning Tips by House Cleaning Atlanta

August 30, 2022

What is a plumber and how to become one?

June 21, 2022

Tips for Baking Cakes

July 23, 2022

February 25, 2022

© 2021 Setup Post all rights reserved.

No Result
View All Result
  • Home
  • Entertainment
    • Gaming
    • Movie
    • Music
    • Sports
  • Lifestyle
    • Fashion
    • Food
    • Travel
    • Health
  • News
    • Bussiness
    • Politics
    • Science
    • World
  • Tech
    • Apps
    • Gadget
    • Mobile

© 2021 Setup Post all rights reserved.