Well, it used to be location, location, location. But try telling that to the Cloud, which knows no physical bounds but has the scope of reach that screams “scale!” So yes, seasons and concepts both change. It wouldn’t be fair to pretend that Atlassian’s issue is unique. In 2020, Google Cloud Platform paid over $300,000 to independent researchers who found and detailed vulnerabilities in GCP. The top prize went to a university student in Uruguay named Ezequiel Pereira, who found a remote code execution (RCE) flaw in the Google Cloud Deployment Manager. With sophisticated hacking groups now successfully selling their services (unfortunately) to certain countries, one can’t help but wonder how they compare to just one university student.
Sourcing statistics from the industry’s most researched Verizon Data Breach Investigations Report (DBIR), we see that the Cloud is also quite capable of hosting the rain which pours on our parade. The 2020 DBIR analyzed around 4,000 breaches, of which Cloud infrastructure was affected 27% of the time as compared to on-site data centers. The 2021 DBIR analyzed 5,200 breaches & 79,000 Cybersecurity incidents, and that is alarming in and of itself. It’s nice when cryptocurrency prices see exponential growth, but multiplicity is much less desirable in regard to Cybersecurity incidents. We wouldn’t typically state the obvious, but there seems to be a disconnect between these statistics and the degree of action being taken to secure the Cyberspace occupied by the average organization. Mathematically this equation leads to a negative result, and as such we should be united in discussing this critical threat to National Security. If 2021 were an Artist, it painted a different picture indeed. Out of the 79,000 incidents analyzed, 73% involved external Cloud assets vs. on-premise IT assets. It makes sense if we consider that the Cloud (Clouds) may appear to be honeypots to hackers, who like to make mayhem out of remote connectivity.
Just recently came this announcement on Atlassian’s support website regarding Confluence Server and Data Center – CVE-2022-26134 – Critical severity unauthenticated remote code execution vulnerability: “Atlassian has been made aware of current active exploitation of a critical severity unauthenticated remote code execution vulnerability in Confluence Data Center and Server. The OGNL injection vulnerability allows an unauthenticated user to execute arbitrary code on a Confluence Server or Data Center instance. All versions of Confluence Server and Data Center prior to the fixed versions listed above are affected by this vulnerabilit
Recent reports of remote tech positions being filled by bad actors using stolen identities come to mind when we hear the Google Cloud Security Bulletin announce high severity vulnerabilities such as CVE-2022-29581, just as one example. “Allows unprivileged users with local access to the cluster to achieve a full container breakout to root on the node.” The next one on the list also mentions container breakout, but also adds privilege escalation on the host.
That could leave a sustainability enthusiast scratching their head, wondering why enthusiasm just isn’t what it used to be.
Centralized Clouds can become congested by improper architecture, creating unnecessary connections and potential backdoors & open windows. When a honeypot is located in a swampy area, swamp things typically begin to circle like buzzards.
Maybe we need scarecrows at the site of Virtual Machines (VMs), to guard the gap left by misconfigurations? As Tech Target reported on May 5, 2022, the firm Mitiga discovered “dangerous functionality” in the GCP that could allow attackers to compromise Virtual Machines. This particular attack vector is an exposed metadata API, as each API brings its own set of risks.
Google Cloud made official recommendations on how to remedy Log4J, including the advice to contact all affected 3rd party apps that the organization uses.
New strains of malware that are being unleashed to delete data backups are of special concern, and this needs no further comment. The sustainability enthusiast is feeling a bit down, but hope has a way of remaining alive and could easily win on “Survivor.”
Do we suggest the Cloud can’t be secured? No, but a different strategy must be employed. Which is why Petronella Technology Group recently made a hefty investment into upgrading our data hosting capabilities. Cloud hosting? Check. On-site hosting? Check. Cybersecurity as the firm foundation? Checkmate.
We didn’t WANT to spend the money, just like everyone else. But we also respect mathematics, and understand the cost of consequence to be higher than the cost of preparation. We’re kind of tired of hackers, and bet that the Internet itself is as well. Maybe we can’t solve all Cybercrime at once, but we can continue our journey on a better path. Privately secured Cloud hosting anyone?
The key to Cloud hosting safety: Infrastructure, architecture, equipment, & expertise. In tribute to the rumors of sentient AI, let’s see what an AI writing tool had to say when we asked it to express its thoughts on data hosting (unedited): “When we talk about data hosting, we usually refer to the service of storing and managing data for various businesses. The data can be anything from business records, customer details, financial information, or any other important information. If you are looking to store your data, then it is always advisable to choose the best option available. You should make sure that you have chosen the right company to handle your data. This will help you to keep a check on the security of your data. There are various companies which offer data hosting services. You need to take care while choosing a company. There are many companies which provide services at a cheaper rate but they do not have enough experience in handling such sensitive data. They may also lack the necessary expertise to secure the data. If you are looking for the best services, then it is always advisable that you go for the best.” We agree! Is your data hosting strategy shrouded in way too much mystery, with unidentifiable risks lurking startlingly alertly in the same room as your data? To continue the showcasing of AI talent, let’s consider that exact horror as depicted by an AI Artist:
*Credit to DALL•E Mini
The Good News? PTG has your back. We aren’t afraid of the vulnerabilities emerging in Cybersecurity, because we’ve been preparing. Our data hosting checks all the boxes: we’ve got over 20 years of expertise, architectural prowess, stillness of mind, and the Edge Technology that keeps us ahead of the threats, such as the same security equipment that the US Navy and the US Army Cyber School now use.
Book a Chat for a complimentary quote, and we’ll show you the better way. Special thanks to the AI Artist DALL•E Mini, for specifically drawing its depiction of the upgraded & updated PTG Cybersecurity-Centric Cloud & Hybrid Hosting Service as shown below.
The bonus Good News? Due to our smart setup, we provide more advanced security AND beat the price of any Big Tech Cloud provider…guaranteed. Our industry-leading redundancy options reduce the risks posed by ransomware, and our environment’s clean & pristine. There’s no time like the present to do what we wish we did years ago, but crying over spoiled soy milk just isn’t sensible. There’s a pathway forward, if you’re ready to take a leap onto the lifeboat-looking bandwagon. Hybrid hosting solutions by Cybersecurity specialists: on-site physical fortress, strategically secured private Cloud.
Open Source and publicly available AI tools are popping up all over the place, so in case you’re unfamiliar with DALL•E Mini: DALL•E is a Closed Source tool from OpenAI (no pun intended) that draws original images based on text entered by the human interacting with it. There’s been talk about that AI creating its own language, confusing and surprising the tool’s authorized authors. Worthy of note is that this same phenomenon was observed by Facebook a few years ago, where two AI systems it was using apparently created their own (undecipherable) language, leading to Facebook’s decision to stop using them.
DALL•E isn’t available to the public yet due to concerns of misuse, but an independent developer trained a model to do (pretty much) the same thing. That is DALL•E Mini, and anyone can experiment with the perceptions of AI as expressed by visual representations of its understanding of Natural Language.
It’s certainly interesting to see how AI “sees” things, and then draws from an invisible palette with no hands!