Cross-tenant cloud attacks: Still a myth?By CIOAdvisor Apac | Friday, November 30, 2018
The flexibility of work practices and scalability enables cloud infrastructures to regulate fluctuating workloads accordingly. Large enterprises turn to the cloud for a cost-effective method of running resource-intensive applications while maintaining a balance between both private and public clouds for their workloads. Small-to-medium businesses and start-ups mostly prefer public clouds for ease of feasibility, its cost-effectiveness, and security purposes.
Service providers have a clear demarcation between the data of one customer and another. It doesn’t matter if the customer has rented the cloud services temporarily or on a regular basis, the data is safe. Virtual private cloud, encryption and API keys provide the much-needed data security. Encryption also protects against hacking that comes from outside the cloud. Most enterprises encrypt their data on public clouds, both in-flight and at rest. Even if a tenant could access server instances held in other tenants’ account, reading the data will still be restricted.
Public cloud providers implement security systems that can restrict any cross-tenant attack. The tenant-management systems handle resources for many tenants at the same time, which indeed is a legitimate concern for enterprises leaving room for a healthy level of skepticism about security in cloud services. But there are sufficient virtual demarcations between the numerous tenants, which ensure the security of multi-tenant systems. Multi-tenancy is the core necessity of cloud computing. After incorporating the required degree of multi-tenancy into all the layers of public and private clouds, only then can an enterprise achieve improved scalability, agility, and economies of scale.
If an individual takes basic security precautions in the cloud along with the adaptive mitigation mechanism of the service providers, there is no need to stress over the possibility of cross-tenant cloud attack.