Cloud security--and who owns the risk--was part of an Advisory Council roundtable last week at SecureWorld Denver.
And the consensus is that all sides own a slice of the risk.
Amazon Web Services, for example, operates under a shared responsibility model. AWS is responsible for the security of the cloud infrastructure. The client is responsible for properly configuring each server in the cloud that it uses.
And that's where companies are running into trouble. Mis-configured servers in the cloud have left sensitive information open and exposed. That was the case with Accenture's exposed cloud database in the fall of 2017. There have been almost weekly examples of issues like this
Now, researchers at SkyHigh networks have discovered a new kind of AWS S3 bucket vulnerability that can lead to a man-in-the-middle (MITM) attack because some S3 buckets are configured to allow public writes.