NSA offers Cloud Security guidance in the wake of Azure errors

305

As companies are struggling to mitigate cloud vulnerabilities, The National Security Agency has taken the initiative to the framework and published new guidelines helpful to mitigate cloud vulnerabilities.

 

In recent times, as large cloud service providers such as Amazon Web Services and Microsoft Azure have failed to avoid data breaches on their respective platforms NSA has taken the onus of guiding the users on the do’s and don’ts when using the platforms.

 

While misconfigurations are a big worry for those moving their applications and data to the cloud, other issues like Poor Access Control, Shared Tenancy Vulnerabilities, and Supply Chain Vulnerabilities are being highlighted by NSA in its vulnerability disclosure report which requires mitigation guidance on an immediate note.

 

“Mitigating risks in the cloud needs customers to be fully aware of the existing threats and vulnerabilities. And as Cloud platforms provide an array of security advantages than on-premises technological environments which include automation of security processes, customers need to understand that they have a shared responsibility with CSPs when it comes to protecting their apps & data on the cloud”, the report concludes.

 

As the adoption of cloud resources is increasing among enterprise users, NSA seems to have taken the initiative to play a more active role in offering proper guidance in cloud or enterprise security.

 

Note- In Jan this year, Microsoft disclosed that over 250 million customer service and support accounts were exposed in a data breach that occurred on Azure due to a misconfiguration. Reports were in that the data was accessible to hackers who just had a web browser as it was left unprotected with passwords or any kind of encryption.