January 17, 2019 by tushumane
Vulnerable Cloud Solution Provisioning:
Suppose you decided to include cloud connectivity for different cloud providers into your solution and deliver it to your client then have you made sure of:
- The certificate and keys needed will need to be uploaded by the client end user, what if he intentionally or by mistake can not keep them secure?
- What if the solution developer(s) have made a backdoor to steal the keys and certificates?
- if certificates and keys are not maintained securely, the third person can not only use it for data theft but also he/ she can use those to get hold of other cloud services. He/ She can sale the data to competitors, marketing agencies etc.
- Or the other way around, backdoor developer along with someone from the management level can sell the data to competitors or marketing agencies and earn the money.
- Client end user along with his mates can use other cloud services and in the end, the client has to pay for the cloud provider’s bill every month.
So how can we avoid this:
Cloud Provisioning- Safely Played:
Clients themselves write the code to use certificate and keys to connect to the cloud provider, test the stub with dummy/ temporary account and finally deploy it as middleware between vendor solution and their premise/ data centers.
This way the client can be sure of getting rid of backdoors in the vendor solutions, and later consequences.
As far as the client end user is concerned, the keys and certificates would be valid for 6 hours. Again Public Key Infrastructure would generate a new set of keys and certificates. This way clients can be sure of having internal conflicts/ issues.
Be secure, be transparent, happy clouding …
waiting for suggestions and feedbacks …