
Raising the Bar on Security by Purging Credentials From the Cloud


In this post, dig into elemental cloud security challenges, such as a centralized native cloud-only model for identity verification and authentication.
The Cloud is ubiquitous: any company looking to ramp up quickly will provision its compute, networking, and storage with its preferred cloud provider and get started rolling out its products. That makes total sense from a business perspective. The Cloud has simplified development and automation exponentially over the years, and emerging tech such as AI and IoT will only accelerate this. However, the catch is that the very same foundational architectures which drive the Cloud’s efficiency, flexibility, and cost benefits are ultimately also its weakest links from a security perspective. The result is the daily march of headlines we all read about: ever larger and deeper breaches of data and systems.

There are three fundamental drivers that serve as the basis for the large majority of access hacks, data security breaches, and privacy vulnerabilities:

1. A centralized native cloud-only model for identity verification and authentication
2. A fundamentally flawed architecture for data security and privacy
3. The complexity of the native cloud-based solutions and active security measures that are layered over this inherently flawed foundation

This series of articles will dig into each of these elemental cloud security challenges that need to be addressed if we really want to improve things. Today, we will focus on the first.

Credentials-based authentication — that is, username and password — is notoriously insecure and the source of 80%+ of data breaches today. Yet most end users still gain access to their websites and applications this way. Even worse, so do many DevOps and cloud engineers to their sensitive production cloud environments. Thankfully, a long-overdue migration to password-less authentication is now underway, with dozens of tools vying for supremacy, and more and more sites such as GitHub are deprecating password-based authentication entirely.
While this is an important step forward, it still only solves part of the problem: not all password-less authentication solutions are created equal. The new wave of solutions eliminates the password, but all of them still have one or several intrinsic weaknesses derived from the same foundational flaw. The benefits of the cloud — its flexibility, scalability, and distributed access — are indisputable. However, the practice of having all of your much-needed services available centrally, from the data lakes to the databases to the IAM and much more, has essentially created a security monster. At AWS re:Invent just a couple of weeks ago, AWS CTO Werner Vogels said that there is virtually no service their IAM framework doesn’t touch.
