Questions tagged [cloud-computing]

Cloud computing is about hardware-based services involving computing, network and storage capacities. These services are provided on-demand, hosted by the cloud provider and can easily scale up and down.

306 questions
47 votes, 8 answers

What are some considerations before moving personal data to Google Drive?

I am considering uploading some (all) of my digital personal data to Google Drive. I guess this would instantly grant access for NSA to my data. (Is that right?) Who would have access to my data on my gDrive? After deleting some files on the Drive,…
gen
44 votes, 9 answers

I have just 4 hours a month to security check a cloud based application - How to use my time?

I've been tasked with looking after an application deployed to Azure. I have been allocated 4 hours a month. I essentially have half a workday to secure this application / keep it secure. What is an efficient use of my time? Should I concentrate…
user230910
30 votes, 1 answer

AWS VPC - should connections between instances be over SSL?

Say I have a few EC2 instances in an AWS VPC network, each assigned its own private address for the subnet at creation. Say one of them is a DB, and another one some kind of web app talking to the DB. The DB makes sure to authorize only a certain…
glitch
30 votes, 5 answers

How unlikely is it that a Google Doc link is guessed?

Most (if not all) of us know that a Google Doc link looks something like this: https://docs.google.com/document/d/13P3p5bA3lslqEJT1BGeTL1L5ZrQq_fSov_56jT9vf0I/edit There are becoming several tools (like Trello) that allow you to "attach" a document…
Wayne Werner
29 votes, 4 answers

How can PrivateSky not see your data?

PrivateSky is a website that promises encrypted "cloud-like" secure information exchange. They promise that except the sender and receiver, nobody can see your data. After testing it yesterday, I do not understand how this is possible. Let me…
user1202136
27 votes, 3 answers

Is Firefox Password Manager less secure than LastPass?

After installing the LastPass password manager, I am presented with a login dialog including the option to "Disable Insecure Firefox Password Manager". (This option appears as long as the Firefox Password Manager is enabled, whether or not a master…
27 votes, 2 answers

How do big cloud providers guard against VM escape attacks?

I think it's pretty much unassailable to say that cloud computing as we know it depends on the concept of the robustness of virtual machines. Where one can depend on the security of VMs they allow workloads from multiple customers of a cloud…
mostlyinformed
26 votes, 9 answers

Can PHI be HIPAA compliant on a cloud?

I have read conflicting information on whether PHI can be stored and delivered on a cloud in a HIPAA compliant manner. I hear many people saying you cannot share infrastructure and be HIPAA compliant. What needs to be taken into consideration when…
William
25 votes, 1 answer

Has anyone achieved PCI compliance on AWS?

All the FAQs, documents and statements published by AWS aside, did any Level 1 merchant or service provider actually achieve PCI compliance on AWS yet? We're evaluating moving some of our services to EC2/VPC, but our auditor is saying that AWS…
Boris Slobodin
25 votes, 11 answers

What are security issues which are specific to cloud computing?

Moving almost everything to the Cloud gradually becomes a mainstream. Are there any security issues, which appeared together with this trend? What everybody should check out, from the security point of view, before moving its webapps and databases…
rem
23 votes, 2 answers

How critical is encryption-at-rest for public cloud hosted systems?

I work as a solutions architect for web-based systems on AWS. As part of this role, I often respond to Information Security questionnaires. Nearly all questionnaires request information about data encryption at-rest and in-transit. However only a…
jdog
20 votes, 2 answers

What's wrong with storing private keys in the cloud?

I know this sounds like a dumb question, but what's wrong with it? Assuming that all private data is encrypted (by the client) using PBE AES256, then is this scheme more vulnerable than storing keys on your local computer? Pros: all of your devices…
senecaso
20 votes, 4 answers

In what ways does Full or Partial Homomorphic Encryption benefit the cloud?

Can someone explain, in plain English, the practical ways FHE and PHE can be leveraged in the cloud? Some interesting (and confusing) links include this Microsoft Research PDF and this Wikipedia entry. Questions: Is homomorphic encryption…
18 votes, 3 answers

Is Amazon S3 secure enough to hold personal documents?

I have a client who is looking to hold personal information such as Driving Licences and Insurance documents in order to verify if a user of the site is who they say they are and lives where they say they live (the site is a sort of brokerage). We…
petedermott
18 votes, 5 answers

Cloud-based DDoS as a Service

With the consolidation of cloud computing and virtualization, a really simple doubt comes to my mind: why isn't DDoS being largely offered as a service? Why don't we see cloud-based DDoS attacks? vDOS, LizardStresser and others offered a way in…
Gabriel Rebello