In doing postmortems on breaches of applications and data sets in the cloud, problems are often traced back to communication. Frequently, it’s not issues with computer-to-computer communication, but communications with the humans designing the cloud-based systems and those who are charged with its security.
The applications using modern mechanisms such as containers, Kubernetes, and microservices are often missing security vulnerabilities that they are exposing. The analogy I like to use is that architects are designing the best smart building known to the world but not installing locks. The locks needed to be engineered into the building during the design and not be an afterthought, as they often are in the world of cloud system security.
InfoWorld Cloud ComputingRead More