
Ovum view

Summary

Public cloud services have been a welcome revolution that has transformed infrastructure provision. However, there are several potential downsides that can be mitigated with good governance.

Software-defined everything has risks as well as benefits

The continuous stream of reported security incidents is a reminder of a key issue with software-defined everything – a slip by a single person can result in significant exposure for an entire organization. A recent incident, like many others reported in the media, was due to a contractor misconfiguring database security settings, exposing sensitive personal information of 50,000 people.

In traditional infrastructure management, two main things limit the consequences of misconfiguration. Firstly, network settings are largely independent of what is done at the server level, so a small server security misconfiguration is most likely going to be protected from external access by several layers of "defense in depth," and regular internal penetration testing will find the fault so that it can be rectified. Secondly, there are usually at least two people from the infrastructure team involved in staging a new service: a server administrator and a network administrator. As in financial transactions, having two people involved considerably reduces the risk of an error passing unnoticed.

A simple measure in the cloud can reintroduce these checks and balances: only allowing engineers to stand up configurations from a pre-tested library.

All good orchestration tools permit permissions to be limited by role. Good governance of cloud infrastructure will remove "create a new configuration" permissions from operational staff. This one simple step can reduce both cost, because engineers select from a pick list rather than manually configuring an instance, and the risk of a misconfiguration exposing private data to the world.

Appendix

Further reading

Cloud Security: An Enterprise Guide, IT0022-00050 (December 2015)

Author

Richard Palmer, Principal Analyst, Public Sector

richard.palmer@ovum.com
