Emergent (In)Security of Multi-Cloud Environments
- URL: http://arxiv.org/abs/2311.01247v1
- Date: Thu, 2 Nov 2023 14:02:33 GMT
- Title: Emergent (In)Security of Multi-Cloud Environments
- Authors: Morgan Reece, Theodore Lander Jr., Sudip Mittal, Nidhi Rastogi, Josiah Dykstra, Andy Sampson,
- Abstract summary: A majority of IT organizations have workloads spread across different cloud service providers, growing their multi-cloud environments.
The increase in the number of attack vectors creates a challenge of how to prioritize mitigations and countermeasures.
We conducted an analysis of multi-cloud threat vectors enabling calculation and prioritization for the identified mitigations and countermeasures.
- Score: 3.3819025097691537
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: As organizations increasingly use cloud services to host their IT infrastructure, there is a need to share data among these cloud hosted services and systems. A majority of IT organizations have workloads spread across different cloud service providers, growing their multi-cloud environments. When an organization grows their multi-cloud environment, the threat vectors and vulnerabilities for their cloud systems and services grow as well. The increase in the number of attack vectors creates a challenge of how to prioritize mitigations and countermeasures to best defend a multi-cloud environment against attacks. Utilizing multiple industry standard risk analysis tools, we conducted an analysis of multi-cloud threat vectors enabling calculation and prioritization for the identified mitigations and countermeasures. The prioritizations from the analysis showed that authentication and architecture are the highest risk areas of threat vectors. Armed with this data, IT managers are able to more appropriately budget cybersecurity expenditure to implement the most impactful mitigations and countermeasures.
Related papers
- Risk-Aware Sensitive Property-Driven Resource Management in Cloud Datacenters [1.103311584463036]
We propose an efficient risk-aware sensitive property-driven virtual resource assignment mechanism for cloud datacenters.
We have used two information-theoretic measures, i.e., KL-divergence and mutual information, to represent sensitive properties in the dataset.
Based on the vulnerabilities of cloud architecture and the sensitive property profile, we have formulated the problem as a cost-drive optimization problem.
arXiv Detail & Related papers (2025-02-04T21:10:34Z) - Federated Instruction Tuning of LLMs with Domain Coverage Augmentation [87.49293964617128]
Federated Domain-specific Instruction Tuning (FedDIT) utilizes limited cross-client private data together with various strategies of instruction augmentation.
We propose FedDCA, which optimize domain coverage through greedy client center selection and retrieval-based augmentation.
For client-side computational efficiency and system scalability, FedDCA$*$, the variant of FedDCA, utilizes heterogeneous encoders with server-side feature alignment.
arXiv Detail & Related papers (2024-09-30T09:34:31Z) - Reflection of Federal Data Protection Standards on Cloud Governance [0.0]
This research focuses on cloud governance by harmoniously combining multiple data security measures with legislative authority.
We present legal aspects aimed at the prevention of data breaches, as well as the technical requirements regarding the implementation of data protection mechanisms.
arXiv Detail & Related papers (2024-02-26T17:04:01Z) - CloudLens: Modeling and Detecting Cloud Security Vulnerabilities [15.503757553097387]
Cloud computing services provide scalable and cost-effective solutions for data storage, processing, and collaboration.
Access control misconfigurations are often the primary driver for cloud attacks.
A planner generates attacks to identify such vulnerabilities in the cloud.
arXiv Detail & Related papers (2024-02-16T03:28:02Z) - The Security and Privacy of Mobile Edge Computing: An Artificial Intelligence Perspective [64.36680481458868]
Mobile Edge Computing (MEC) is a new computing paradigm that enables cloud computing and information technology (IT) services to be delivered at the network's edge.
This paper provides a survey of security and privacy in MEC from the perspective of Artificial Intelligence (AI)
We focus on new security and privacy issues, as well as potential solutions from the viewpoints of AI.
arXiv Detail & Related papers (2024-01-03T07:47:22Z) - Exploring Security Practices in Infrastructure as Code: An Empirical
Study [54.669404064111795]
Cloud computing has become popular thanks to the widespread use of Infrastructure as Code (IaC) tools.
scripting process does not automatically prevent practitioners from introducing misconfigurations, vulnerabilities, or privacy risks.
Ensuring security relies on practitioners understanding and the adoption of explicit policies, guidelines, or best practices.
arXiv Detail & Related papers (2023-08-07T23:43:32Z) - Towards Confidential Computing: A Secure Cloud Architecture for Big Data
Analytics and AI [0.0]
Cloud computing has become a viable solution for big data analytics and artificial intelligence.
Data security in certain fields such as biomedical research remains a major concern when moving to cloud.
arXiv Detail & Related papers (2023-05-28T16:08:44Z) - Graph Mining for Cybersecurity: A Survey [61.505995908021525]
The explosive growth of cyber attacks nowadays, such as malware, spam, and intrusions, caused severe consequences on society.
Traditional Machine Learning (ML) based methods are extensively used in detecting cyber threats, but they hardly model the correlations between real-world cyber entities.
With the proliferation of graph mining techniques, many researchers investigated these techniques for capturing correlations between cyber entities and achieving high performance.
arXiv Detail & Related papers (2023-04-02T08:43:03Z) - ThreatKG: An AI-Powered System for Automated Open-Source Cyber Threat Intelligence Gathering and Management [65.0114141380651]
ThreatKG is an automated system for OSCTI gathering and management.
It efficiently collects a large number of OSCTI reports from multiple sources.
It uses specialized AI-based techniques to extract high-quality knowledge about various threat entities.
arXiv Detail & Related papers (2022-12-20T16:13:59Z) - Analyzing Machine Learning Approaches for Online Malware Detection in
Cloud [0.0]
We present online malware detection based on process level performance metrics and analyze the effectiveness of different machine learning models.
Our analysis conclude that neural network models can most accurately detect the malware that have on the process level features of virtual machines in the cloud.
arXiv Detail & Related papers (2021-05-19T17:28:12Z) - A System for Automated Open-Source Threat Intelligence Gathering and
Management [53.65687495231605]
SecurityKG is a system for automated OSCTI gathering and management.
It uses a combination of AI and NLP techniques to extract high-fidelity knowledge about threat behaviors.
arXiv Detail & Related papers (2021-01-19T18:31:35Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.