Cybersecurity

5936 readers

15 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 2 years ago

MODERATORS

kid

[email protected]

[Opinion] Cloud providers must own up to their part in the current state of insecurity (www.csoonline.com)

submitted 4 months ago by [email protected] to c/cybersecurity

4 comments fedilink hide all child comments

Yes, the shared responsibility model long predates the cloud, but the cloud era is proving that true sharing of responsibility is more complicated than it seems, leaving enterprises less secure as a result.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 6 points 4 months ago (1 children)

As someone who's worked in this environment, the providers are screwed either way.

If you do nothing, then a customer is mad that you were not secure enough and they got hacked.

If you do something, then a customer is mad that you've made security changes that break their shit.

At the end of the day, the devops people using this stuff don't understand security, and don't want to understand it. But no matter what the provider does, it's wrong for some segment of their users, so like, it's not that they won't secure it, it's that the feedback is negative as all hell when they do.

[–] stringere 2 points 4 months ago (1 children)

So much of my job in security was getting people to sign off on risks they would not patch.

[–] [email protected] 2 points 4 months ago

Yeah we did security notices based on customers doing stupid shit, and got yelled at for "annoying" them with an email every week or two, depending on when the reports we ingested were turned into notifications.

So many people screeching about spamming them, and harassing them, and how this was bullshit and they never had this problem with other PaaS platforms.

...until, of course, oopsie their shit was hacked, and NOW it's my fault we didn't warn them enough.

I am never working for THE CLOUD ever again, lol.