Setup Post
  • Home
  • Business
  • Computers and Technology
  • Health
  • Services
  • write for us
  • contact
Saturday, June 3, 2023
No Result
View All Result
  • Home
  • Business
  • Computers and Technology
  • Health
  • Services
  • write for us
  • contact
No Result
View All Result
Setup Post
No Result
View All Result
Home Business

AWS: Multi-Tenancy Creates Confused Deputies

Setup Post by Setup Post
January 3, 2023
in Business, Computers and Technology
0
Share on FacebookShare on Twitter

Cloud data storage facilitates the efficient and fast transfer of data throughout the globe. The dominant companies offering third-party cloud storage, such as Microsoft and Amazon, have supported the growth and maturation of millions of businesses. The infrastructure at the heart of these services has the potential to cause untold damage, however. With cloud data security becoming ever more important to both industries and customers, it’s vital to take a proactive approach to your cloud storage security.

Efficient Storage – With a Budget Twist

The budget-friendliness of today’s cloud storage solutions make them particularly attractive to scaling businesses. By offering swathes of computing power on an as-you-need basis, the financial and administrative demands of the cloud are kept to a lean minimum. In essence, cloud providers offer pools of resources for their customers. The physical servers they operate may offer vast computing possibilities, but slicing this up in a flexible way demands clever architecture. A hypervisor is what divides these physical servers into millions of smaller virtual servers, abstracting the computing power into more efficient, smaller chunks.

From a software perspective, this is described as multi-tenancy architecture. The tenancy here is an analogy for externally-owned computing resources that can be switched and transferred at will. The benefits of this multi-tenant layout are numerous: sophisticated applications and large databases are able to be run immediately, enabling plug-and-play SaaS solutions, and allowing customers to save on storage, hardware, and CPU costs.

Fundamentally, multi-tenancy architecture is the beating heart of Database and Software as a Service. As the cloud has exploded in popularity, the cramming of multiple customers onto each virtual server has drawn slight concern from the more security-minded, however.

AppSync’s Deputy Issue

AppSync is a vital tool for drawing data from multiple connected AWS databases. It provides a robust interface for API production, supporting efficient data caching and easy endpoint creation. Thanks to AppSync’s ability to publish and query the data within a connected AWS database, it holds a fairly tenuous position within the security of an account. This sets the stage for a confused deputy problem – that is, when a less-privileged entity (an attacker kept out via authentication protocols) confuses a more-privileged entity (AppSync) into performing actions for the attacker’s benefit. To prevent this, AppSync was built with a failsafe: when creating a source for the API to pull from, the account name is checked against the database’s own account info.

However, researchers at Datadog Security Labs recently found and published a major flaw within this security protocol. Despite the check put in place, the researchers found that this check was vulnerable to malicious inputs. By manually feeding this function the Amazon Resource Name (ARN) of a different AWS account, AppSync could be tricked into assuming the access privileges of that unrelated account. This lends the attacker access to all resources under that account.

Allowing attackers access to once-protected databases is cause for major concern. Thankfully, AWS reacted with incredible swiftness when the researchers bought up the new exploit. Notifying the company on the 1st September, a patch was pushed to the AppSync service only five days later. Analyzing the impact of the newly-discovered vulnerability, Amazon analyzed all relevant logs, stretching back the service’s launch. AWS conclusively determined that the no customer accounts had become victim to this attack vector, and that the only accounts involved in this attack were those owned by the researchers.

Guaranteeing Cloud Security in 3 Phases

One of the benefits of the cloud is how simple and speedy its services are. Accelerated design and deployment have become a mainstay of DevOps; fantastic for innovation, but often considerably lacking in security. Sometimes, the need for speed can accelerate the creation of dire consequences. Instead of sacrificing speed and ease of use, purpose-built cloud-native security solutions offer security at pace.

Firstly, you can’t protect what you don’t know. Data governance is a rising issue, as cloud environments scatter databases hither and thither – meaning it’s also a key component of comprehensive, cloud-based security. The drift that naturally occurs as databases are created, deleted and cloned means that tracking every bit – no matter where it is, what data it consists of, and who is accessing it – has never been more difficult. Delivered as SaaS, modern data posture management can keep up with rapid deployment.

With data discovery handled, it’s now possible to start classifying said data. This automated process tags data according to its sensitivity, type, and value to the organization if altered or destroyed. This can occur through content, context or user info of each piece of data. By automatically assessing the ins and outs of each piece of data, it becomes possible to rank the risk following your organization’s own structure. The first benefit to this process is its ability to give organizations the most comprehensive overview of their risk level possible. Ultimately, however, this sets the foundation for the final phase of cloud security.

Once you’ve clarified what the data is, and which users can begin using said data, it becomes a lot easier to sniff out any instances of policy violation. This lends itself to top-notch authorization policies, with best practice and historical info helping establish who should have access to each level of sensitive data. Policy violation responses can be automated: for instance, if someone is suddenly attempting to transfer sensitive data outside the organization; or an account seeing suspicious behavior; the suspicious activity is terminated before a breach occurs.

With a security solution handling the three pillars of cloud security, your customers and industry partners are kept safe from profiteering cybercriminals and malicious actors.

Previous Post

Get The Scoop On The Latest Trend: Knotless Braids

Next Post

How To Select The Right Industrial Painting Contractor In Florida

Related Posts

Business

How Your Java Skills Can Impact Your Career Path

May 12, 2023
Computers and Technology

How to choose java classes in Pune?

May 11, 2023
Business

Finding Balance: Recognizing ľhe Signs of Overworking

March 29, 2023
Business

How To Select The Right Industrial Painting Contractor In Florida

February 13, 2023
Business

Ethanol Prices Today, Price Chart and Forecast Analysis Provided by Procurement Resource

November 11, 2022
food truck finders
Business

What is Food Truck Finders and How to Get Listed

November 10, 2022
Next Post

How To Select The Right Industrial Painting Contractor In Florida

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

How to Select Stocks for Intraday

How to Select Stocks for Intraday?

March 31, 2022

Algae Products Market Key Players, Demand, Industry Share and Research Report 2021-2026

February 24, 2022
Market Research Updates

US Synthetic Fibers Market Report Covers Future Trends With Research 2022 to 2027

May 26, 2022

PupilPath Registration Support

June 14, 2022
Buying Your Home Quickly

Things to Keep in Mind While Buying the House

June 27, 2022
Market Reserch Update

Europe Silica Flour Market by Manufacturers, Regions, Type and Application

May 26, 2022
Waste Management Denver Colorado

3 Reasons Why You Need a Denver Waste Management Company

August 23, 2022

How to Write Introduction for the English Dissertation?

June 16, 2022

Elderly Care in Dubai: reasons and responsibilities

August 12, 2022

A Popeyes Guest Satisfaction Survey

June 1, 2022

How to choose the Best Running Shorts

March 24, 2022

An Ultimate Guide to Taxi App Development Cost in 2022

February 9, 2022

Why do You Need Fertility Treatment

October 14, 2022

How To Get Instagram Followers

July 3, 2022

How to set up Quickbooks remote Access?

July 11, 2022

Most recent Website architecture Components

September 15, 2022

© 2021 Setup Post all rights reserved.

No Result
View All Result
  • Home
  • Entertainment
    • Gaming
    • Movie
    • Music
    • Sports
  • Lifestyle
    • Fashion
    • Food
    • Travel
    • Health
  • News
    • Bussiness
    • Politics
    • Science
    • World
  • Tech
    • Apps
    • Gadget
    • Mobile

© 2021 Setup Post all rights reserved.