Treacherous 12 Part 12: Shared Technology Vulnerability


Time
12 hours 57 minutes
Difficulty
Intermediate
CEU/CPE
13
Video Transcription
00:00
>> Treacherous 12, number 12,
00:00
Shared technology vulnerability.
00:00
In this lesson, we're talking about the risk of
00:00
shared technology vulnerabilities in the Cloud,
00:00
the impact of shared technology,
00:00
and techniques to address the risks
00:00
of shared technology vulnerabilities.
00:00
Shared technology vulnerabilities,
00:00
one of the best aspects of
00:00
Cloud computing is the ability to achieve economies of
00:00
scale by utilizing the computing infrastructure
00:00
of cloud service providers
00:00
and utilizing Cloud applications produced by
00:00
other companies to help it get its competitive advantage.
00:00
However, this introduces a host of risks,
00:00
especially shared technology vulnerabilities.
00:00
With multi-tenancy,
00:00
where organizations are sharing
00:00
underlying infrastructure in public
00:00
Cloud as-a-service offerings,
00:00
as well as the operating systems and various vendors
00:00
whose applications you may be utilizing in
00:00
the Cloud to augment your business processes.
00:00
There are going to be different vulnerabilities.
00:00
With the increase in the number of
00:00
third parties an organization leverages,
00:00
there's going to be an increase in
00:00
the vulnerabilities and with
00:00
each organization accountable for maintaining
00:00
the patching of their vulnerabilities, this risk grows.
00:00
There have been many high level data
00:00
breaches that occurred through compromising
00:00
a third party supplier and then being able to
00:00
leverage their access to get into the network.
00:00
I know this happened with Home Depot where,
00:00
I believe is like an HVAC vendor
00:00
which had to connect to their network.
00:00
Ultimately it was compromised
00:00
and then that led to a compromise
00:00
of the Home Depot point of sale systems.
00:00
In terms of controls,
00:00
the most important one is third-party due diligence
00:00
to ensure that any third parties you're
00:00
leveraging, whether a Cloud service provider
00:00
or SaaS applications,
00:00
you're going to leverage to improve your business,
00:00
have effective patching and security controls in place.
00:00
Then you also want to make
00:00
sure that you're being a good steward of
00:00
technology vulnerabilities by identifying and patching
00:00
vulnerabilities within your Cloud environments
00:00
as quickly as possible.
00:00
Another thing is to have identity.
00:00
It chooses to use an intrusion detection
00:00
and intrusion prevention system in place
00:00
to capture or identify any vulnerabilities
00:00
that may be exploited and then
00:00
have a system in place to analyze and
00:00
look at trends within your network to
00:00
maintain security so that you can kick
00:00
off incident response and
00:00
contain any exploitation of vulnerabilities.
00:00
Then if you're a developer organization
00:00
that's developing technology,
00:00
that's being leveraged in the Cloud
00:00
by other organizations,
00:00
if you discover a vulnerability in your software,
00:00
you should patch it and disclose that vulnerability
00:00
to your customers in a very timely manner.
00:00
Expectations around disclosures of
00:00
vulnerabilities continue to accelerate.
00:00
Organizations used to be able to wait a month or
00:00
so after discovering a vulnerability,
00:00
before rolling out a patch for it.
00:00
However, as soon as vulnerabilities are discovered,
00:00
they are often and quickly exploited now.
00:00
So the companies need to work extra
00:00
hard to patch vulnerabilities
00:00
they discovered in their own systems and
00:00
share that knowledge with their customers.
00:00
Really only one critical question here to reflect on.
00:00
How many third parties are you leveraging in the Cloud?
00:00
Because the Cloud offers
00:00
so much flexibility when
00:00
it comes to what system do we want to
00:00
use and spinning up infrastructure and
00:00
utilizing third parties to do all number of
00:00
tasks from Access Security to security monitoring in
00:00
the Cloud or Cloud applications that we're
00:00
leveraging to grow our business such as ERP systems.
00:00
It's important for companies to just keep
00:00
track of how many third parties are out there.
00:00
Because the more shared services that you rely on,
00:00
the more points of connection there are into your network
00:00
and that increases the risk
00:00
of third-party vulnerabilities.
00:00
In summary, we've talked about the impact
00:00
of shared technology vulnerabilities.
00:00
We talked about how this is
00:00
a particularly pertinent risk in the Cloud environment.
00:00
We also talked about methods to address
00:00
the risks of shared technology vulnerabilities.
00:00
This concludes our final threats in the Treacherous 12.
00:00
I'll see you in the next lesson.