Sign in / up

back to article Cloud security harder than 'encrypt everything'

Australia's wildly-enthusiastic adoption of cloud computing is providing the rest of the world a crucible in which a host of security challenges can be cultured, according to F5 security researcher David Holmes. Speaking to The Register's networking desk while visiting the antipodes, Holmes said that “Australia is becoming the …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. gollux

    <quote>“So you decided to encrypt the giant database at rest – but you have automated queries coming in from other systems, all day."

    “All those other systems have copies of the keys – you have copies of the keys all over the place. It's hardly any different to the data not being encrypted.”</quote>

    Heh, the same argument as used against backdoors. All those keys sitting around just waiting to be extracted and exploited.

    2 0 Reply
    1. Adam 52 Silver badge
      Reply Icon

      In this case though, it's massively different to the data not being encrypted because

      (a) a database backup or volume snapshot is useless,

      (b) your external systems have different keys and those keys grant access to different data items so you can't lose the whole database in one go,

      (c) you can identify where breaches came from and

      (d) you can rotate keys

      1 0 Reply
  2. Anonymous Coward
    Anonymous Coward

    Rather than attempting to secure everything which never works, why not just store really lame stuff about people.

    "Today, Securitolomew Inc reported that their systems were fatally compromised last night, after a coordinated and complex cyber attack. Cyber criminals are thought to have made off with the favourite colour and shoe sizes of 100,000 customers."

    5 0 Reply
  3. Paul Crawford Silver badge

    Site white lists?

    "The problem here is that an attacker's site can also use SSL/TLS, and if it's a user (who clicks on a phishing link, for example)"

    I'm guessing most businesses only really deal with a modest number of sites with ligitimate reason from the corporate LAN (as opposed to the separate guest/coffee break wifi, which of course they have on a separate network). So they could have a system where access to a site has to be requested first by the user (with various checks) to add it to the white-list. That way most phishing links would fail and most malware C&C would be blocked.

    Unless the users was really, really dumb of course and determined to access some random site.

    0 0 Reply
    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: Site white lists?

      Like when we had two weeks to integrate with Facebook at short notice, but the approval process to unblock facebook.com (which also hosts all the api documentation, etc.) takes takes that long?

      0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like