• Steve Jones - SSC Editor - Thursday, January 24, 2019 9:13 AM

    roger.plowman - Thursday, January 24, 2019 7:49 AM

    The security aspects (from an attack surface perspective) are APPALLING.

    Given that every Tom, Dick, and Harry on the PLANET can potentially see the DB and try to hack it, the liability is simply breathtaking.

    Yes, security can exist. But...we already know that security and the net are mutually exclusive. The defenders need to cover every single potential weakness (and realistically, this number might as well be infinite). The attacker only needs ONE.

    Not to mention the number of potential inside attackers explodes from the company's own employees to the vendors' employees, their contractors, any hackers that may have corrupted insiders or compromised systems--of either the company or vendors or vendor contractors... Need I remind you of the hack that resulted from an HVAC company being compromised? Really? An *H/VAC* company????

    Seriously, has everyone forgotten attack surface in the rush to chase that pretty rainbow unicorn right into the wood chipper?

    Why do you think the attack surface is horrible? By default, this has no access from anywhere. Most of the people moving to Azure don't open a 0.0.0.0 firewall rule. Access is limited to specific IPs or subnets.

    It doesn't have any access until it does. Sigh.

    If you can get to it via the net that opens an access route for any hacker anywhere on the planet to get to it, provided they find a way. Given the inherent complexity of cloud systems the attack surface is much larger than an on-site server that has one carefully shielded point of entry.

    1. There are more companies involved, thus far more employees that can be compromised and/or corrupted.
    2. There are many more computers, routers, etc. between you and your data.
    3. There are more computers involved directly (failover, virtual systems, containers and the like).
    4. There are many companies' data concentrated in one place, making it a big juicy target.

    The more complex the system the more attack surface it has. The more people involved the exponentially higher possibility for A) procedural error, B) configuration error, C) corruption, D) disgruntled employees.

    Thus an infinitely larger attack surface. Just look at all the supposedly secure systems that have been hacked in 2018 alone.

    It's a case of the Emperor's new clothes in cyber-space.