Video: Could a single breach in the cloud affect all customers? (Black Hat 2016)

Guest blog by David Spark, Spark Media Solutions

“When you put all your data in one spot there’s this aggregation going on. There’s a potential that one issue could lead to lots of problems for organizations. We’ll call that a systemic risk,” said Jake Kouns (@jkouns), CISO for Risk Based Security, in our conversation at the 2016 Black Hat conference in Las Vegas. “Companies are a little concerned that now a problem with your neighbor in the cloud could lead to problems with your data.”

A traditional data breach would have to happen 1000 times to infect 1000 companies, said Kouns. But now there’s a possibility that one authorized access could infect 1000 companies.

Kouns, like many others, advises to ask lots of questions of one’s cloud provider when making the move the cloud. Given the potential for systemic cloud risk, ask what the cloud provider is doing to prevent cross-contamination from one client to another. What’s being shared? Ultimately, you want to know your potential exposure.

Much of cloud security isn’t necessarily about what hardening techniques one has in place, but rather what legal agreements a company has with its cloud provider, outlining who’s responsible for what security measures.

This is important because so often Kouns’ clients don’t realize their responsibilities. They just assumed it’s all being handled in the cloud.


Single Cloud Breach – Black Hat 2016 from CloudPassage.

Stay up to date

Get the latest news and tips on protecting critical business assets.

Related Posts