![]() The cloud, he said, “needs to have a regulatory structure around it.” We don’t have anybody who would step up and say, ‘It’s our job to regulate cloud providers,’” said Knake, of the strategy and budget office. We don’t have a Ministry of Communication. “In the United States, we don’t have a national regulator for cloud. So the White House is planning to use whatever powers it can pull on to make that happen - limited as they are. “We need to get to a place where cloud providers have security baked in with that.” “The reality is that today cloud security is often separate from cloud,” Anne Neuberger, the deputy national security adviser for cyber and emerging technology, said last week during a roll-out event for the new cyber strategy. That practice complicated the federal investigations into the SolarWinds attack, because the agencies that fell victim to the Russian hacking campaign had not paid extra for Microsoft’s enhanced data-logging features. officials express significant frustration that cloud providers often up-charge customers to add security protections - both taking advantage of the need for such measures and leaving a security hole when companies decide not to spend the extra money. law enforcement faster than it can trace them down. Foreign hackers have become more adept at “spinning up and rapidly spinning down” new servers, he said - in effect, moving so quickly from one rented service to the next that new leads dry up for U.S. That risk is only growing, said Rob Knake, the deputy national cyber director for strategy and budget. For months, they used those to slip unnoticed into at least nine federal agencies and 100 companies. So far, cloud providers have haven’t done enough to prevent criminal and nation-state hackers from abusing their services to stage attacks within the U.S., officials argued, pointing in particular to the 2020 SolarWinds espionage campaign, in which Russian spooks avoided detection in part by renting servers from Amazon and GoDaddy. The problems come when those cloud providers aren’t providing the level of security they could. Many small businesses and other customers simply lack the expertise and resources to protect their own data from increasingly adept hackers. ![]() Instead, they’re trying to ensure that rapid growth doesn’t translate to new security risks.Ĭloud services can “take a lot of the security burden off of end users” by relieving them of difficult and time-consuming security practices, like applying patches and software updates, said Walden. In a series of interviews about this new, tougher approach, administration officials stressed that they aren’t giving up on the cloud. And last week the administration warned in its national cybersecurity strategy that more cloud regulations are coming - saying it plans to identify and close regulatory gaps over the industry. cloud servers (implementing an idea first introduced in a Trump administration executive order). cloud providers to steal data or extort companies.Īmong other steps, the Biden administration recently said it will require cloud providers to verify the identity of their users to prevent foreign hackers from renting space on U.S. Cybercriminal groups also regularly rent infrastructure from U.S. Hackers from nations such as Russia have used cloud servers from companies like Amazon and Microsoft as a springboard to launch attacks on other targets. “A single cloud provider going down could take down the internet like a stack of dominos,” said Marc Rogers, chief security officer at hardware security firm Q-Net Security and former head of information security at the content delivery provider Cloudflare.Īnd cloud servers haven’t proved to be as secure as government officials had hoped. The collapse of a major cloud provider could cut hospitals off from accessing medical records paralyze ports and railroads corrupt the software that help financial markets hum and wipe out databases across small businesses, public utilities and government agencies. The fear: For all their security expertise, the cloud giants offer concentrated targets that hackers could use to compromise or disable a wide range of victims all at once. ![]() In essence, she said, the cloud is now “too big to fail.”
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |