Closing the Security Gap in Hosted Environments
Internet network operators have built the backbone on which the Internet is thriving. Almost half of the top 100,000 most visited websites run on their platforms. This infrastructure-as-a-service model has been successful because hosting operators reduce the complexity and cost of building and maintaining infrastructure, allowing customers to focus on the content and commerce needs of their business.
While the rise of cloud computing has been positive, unintended consequences have arisen from the responsibilities gap created between providers and customers. By exploiting common vulnerabilities in popular technology platforms, malicious actors have found a low-cost and effective method to obfuscate their behavior on the Internet. By hiding in the shadows of legitimate business, they evade detection and attribution by their downstream victims. One of the most common examples is malicious actors identifying and compromising nodes by exploiting vulnerabilities in common content management systems like WordPress and Drupal. Once a node is compromised, attackers fade away into the legitimacy of their unsuspecting hosts and behind normal web traffic. They flourish in the space between the traditional role of providers and the security expertise of customers. And because most of this infrastructure is here in the United States, the statistical majority of malware gets distributed from US hosting providers, unbeknownst to either the provider or the customer.
With a few simple steps, we can advance how we work together to address the gaps in visibility and transform our traditional roles and responsibilities:
- Acknowledgement: Appreciate the duality that infrastructure as a service offers. The same scalability and usability afforded to legitimate businesses are equally available to malicious actors.
- Hygiene: Important and simple practices can drastically reduce the risk of compromise and unwanted traffic, including but not limited to regular and complete patching and strong, unique passwords.
- Collaboration: Get the specifics to customers. Companies that work with security research companies and their customers are likely to find new business opportunities in security.
Full article: http://www.thewhir.com/blog/closing-security-gap-hosted-environments