We’ve all heard the concerns: While public clouds do a good job protecting our cloud-based systems from outside attackers, what about attacks that may come from other public cloud users? These are known as cross-tenant attacks (sometimes called side-channel attacks), where other tenants on the same public cloud somehow access your data. Should you pay more attention to this fear?
No, you should not pay more attention to cross-tenant attack fears. Here’s why.
First, there are much easier attack vectors to exploit when it comes to public clouds, such as human error. The cloud breaches that I hear about are caused almost 100 percent by human error. Often, people misconfigured their cloud machine instances and thus exposed data that was not meant to be exposed. If enterprises focus on dealing with cloud security, they should be focused there.
Second, most enterprises encrypt data on public clouds, both in-flight and at rest. Even if one tenant could access server instances held in other tenants’ account, that miscreant wouldn’t be able to read the data. Encryption also protects against hacking that comes from outside the cloud.
Third, the public cloud providers have the security systems in place to ensure that a cross-tenant attack is unlikely. It’s true that the tenant-management systems manage resources for many tenants at the same time, which is why enterprises get nervous. But there are well-thought-out virtual demarcation lines between tenants, which is a fundamental aspect of a multitenant system. Each public cloud provider has its own way of accomplishing these separation goals, and while you have no way of understanding every aspect of the approaches they use, you need to trust them at the end of the day.
With all of that said, this is a legitimate concern, and enterprises should always have a healthy level of skepticism about any type of provider services. However, you have more pressing concerns right now. Don’t let this one take more time than needed and divert you from those more serious issues.
Powered by WPeMatico