Sovereign cloud features more frequently in future plans – Cloud

Cyber ​​security will remain a top priority – indeed, perhaps the top priority – in cloud computing for the medium term. When the data is sensitive or when laws require it, organizations are looking to a sovereign cloud as part of the solution.


According to Nigel Pair, enterprise director, UNSW Institute for Cybersecurity, and also a non-executive director on a number of boards, “The whole business case for a dominant cloud is that this information is so sensitive, so serious that it should be domiciled . , say, in our perspective, in the Australian environment,” he said.

Apart from the risk of nation-states granting the right to seize company data, there are also increasingly aggressive privacy regimes that reflect the concerns of consumers around the world.

“Germans do not trust data in companies. Americans don’t trust data in government and China wants data to be right,” said Robert Potter, co-founder and co-CEO at Internet 2.0 and adviser to the US State Department.

Also Read :  Monterey County disaster assistance center to relocate to Salinas

Their views are in line with research from organizations such as Gartner.

“From a range of reasons at a macro, economic and societal level, which we call, in short, digital geopolitics, we will see some differences in terms of cloud computing going into 2025 and beyond towards 2030.”

He said that Europe provides a great example. “They have a strong desire to expand their digital empire. So they want to be less dependent on foreign entities in terms of their reliance on cloud computing, really, the whole computing.”

That signals the confidence governments have in providing their cloud architecture and wider technology, as companies like Huawei and Alibaba have already discovered.

According to Potter, “If your racks are in China, basically, if you can touch the box it’s yours, that’s the rule of thumb, right?”

Hacking is much easier if you can physically get hold of the box, he said.

Also Read :  Unsupervised Machine Learning: Benefits for the Financial Services Industry

Potter told iTnews, “In cloud, the most dangerous route is at the infrastructure level of the cloud provider itself. Take Huawei’s national data centers in Papua New Guinea, for example, Huawei gave themselves a universal access pass to the entire cloud infrastructure, so there’s not much you can do if the bad guy owns the metal.

“You want to think about where you put your cloud data because the first question is the question of the provider and the actual arrangement of your instances. The first thing is, don’t buy the wrong cloud. Because if the bad guy can turn the knob at the bottom and empty all your stuff, you have no hope.”

The problem could be even worse than that, he suggested.

“The other component is, if that cloud provider is immature, the bad guy can take advantage of the cloud computing, move laterally across multiple customers and drain them all at the same time. That’s what we saw APT10 do. They are an operational group from Tianjin in China, about an hour east of Beijing, they work with the MSS (Ministry of State Security), they hit some customers moving laterally simply by infecting all the cloud layer. They hit the infrastructure layer of the cloud, not the user layer.”

Also Read :  How Can Contact Centers Use AI-Powered Chatbots Responsibly?

However, the vast majority of cloud breaches are still carried out using compromised user credentials.

“It’s a case of getting all the underlying cyber right. Cloud outsourcing does not mean outsourcing risk, the risk is still yours. That’s a key principle that many people don’t follow, and they get into a lot of trouble. Getting the user controls is key to doing it.

Organizations must treat the cloud environment as part of the enterprise, and behave accordingly said Potter, “[Just] as you would as if that server were sitting in your own office.”


Leave a Reply

Your email address will not be published.

Related Articles

Back to top button