SecureCloudDB Blog

Security is a Shared Responsibility

It can be easy to assume Cloud Providers provide complete and total security. However, that is not the case. Amazon’s Shared Responsibility Model makes it clear that AWS is “responsible for security ‘of’ the cloud” while AWS customers are “responsible for security ‘in’ the cloud.” 

Per Amazon, “Customer responsibility will be determined by the AWS Cloud services that a customer selects. This determines the amount of configuration work the customer must perform as part of their security responsibilities.”

SecureCloudDB is proud to participate in the upcoming AWS Americas Summit, Cyber Security & Cloud Expo, and BrightTALK Panel Discussion. If you attend any of these events (more detail below), let’s connect. We hope to see you there!

The following excerpt regarding who is responsible when it comes to security in the cloud is taken from a live panel discussion titled Cloud Security 2021: Emerging Trends, Threats, and Responses. The cloud provider, auditing, managed service provider and enterprise communities were represented by Tim Sandage of AWS, Mike Hughes of Prism RA, Jeff Collins of Lightstream and Tyler Kennedy of Rewind. The session was moderated by Aaron Klein of SecureCloudDB.

According to a release from the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC): “In recent years, ransomware attacks have become more focused, sophisticated, costly, and numerous. According to the Federal Bureau of Investigation’s 2018 and 2019 Internet Crime Reports, there was a 37 percent annual increase in reported ransomware cases and a 147 percent annual increase in associated losses from 2018 to 2019.” Ransomware attacks were prevalent in 2020 as well.

Attackers do not discriminate, although it appears focus has shifted over the years from targeting individuals to organizations who can make bigger payoffs and opt to do so to avoid downtime and the expense of rebuilding. It seems bad actors have begun to favor opportunities that enable them to maximize profits. 

Database accounts can be a powerful attack vector for a dedicated attacker. Whether it’s an account left with high level access to environment settings, low level accounts with the ability to perform user enumeration or just an old fashioned brute force attack, leaving accounts with little to no security can spell disaster for an organization.

Despite increasing spending in cybersecurity, organizations are more at risk and attackers are more sophisticated than ever before. The old security approach based on “trust but verify” is no longer effective in a world that has dramatically increased online operations almost overnight—increasing security risks for organizations and individuals at the same time. 

2020 will go down in infamy for many reasons, but as millions of people have struggled with a pandemic throughout the past year, organizations have had their own crises to deal with. With more activity in the cloud than ever before, data breaches have affected everyone from small businesses to Fortune 500 companies. In this four part series, we look back on notable breaches from 2020 and discuss how SecureCloudDB could have been employed as part of a layered defense strategy to alleviate, if not prevent, incidents like them.   

Part four notes the Shopify breach that occurred in September of 2020.

Quantifying the real cost of ransomware attacks can be difficult. Contributors can include the ransom itself, cyber insurance, downtime and lost revenue, remediation and recovery, and regulatory fines as well as qualitative factors such as reputational damage or customers’ mistrust of the organization. The true costs of a ransomware attack can include amounts to be determined far beyond the immediate aftermath.

2020 will go down in infamy for many reasons, but as millions of people have struggled with a pandemic throughout the past year, organizations have had their own crises to deal with. With more activity in the cloud than ever before, data breaches have affected everyone from small businesses to behemoths. In this four part series, we look back on notable breaches from 2020 and discuss how SecureCloudDB could have been employed as part of a layered defense strategy to alleviate, if not prevent, incidents like them.   

Part three below covers the Garmin breach that occurred in July of 2020.

Public cloud database security software startup adds security veteran to its ranks

ROCHESTER, NY, January 26, 2021 /24-7PressRelease/ -- SecureCloudDB, the leader in cloud database security, today announced the appointment of David LeBlanc as its Chief Product Officer. LeBlanc will be responsible for product strategy and roadmap, working with customers and further enhancing the value SecureCloudDB brings to its users.