Saved in:
Bibliographic Details
Main Authors: Reece, Morgan, Lander Jr., Theodore, Mittal, Sudip, Rastogi, Nidhi, Dykstra, Josiah, Sampson, Andy
Format: Preprint
Published: 2023
Subjects:
Online Access:https://arxiv.org/abs/2311.01247
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866914645657255936
author Reece, Morgan
Lander Jr., Theodore
Mittal, Sudip
Rastogi, Nidhi
Dykstra, Josiah
Sampson, Andy
author_facet Reece, Morgan
Lander Jr., Theodore
Mittal, Sudip
Rastogi, Nidhi
Dykstra, Josiah
Sampson, Andy
contents As organizations increasingly use cloud services to host their IT infrastructure, there is a need to share data among these cloud hosted services and systems. A majority of IT organizations have workloads spread across different cloud service providers, growing their multi-cloud environments. When an organization grows their multi-cloud environment, the threat vectors and vulnerabilities for their cloud systems and services grow as well. The increase in the number of attack vectors creates a challenge of how to prioritize mitigations and countermeasures to best defend a multi-cloud environment against attacks. Utilizing multiple industry standard risk analysis tools, we conducted an analysis of multi-cloud threat vectors enabling calculation and prioritization for the identified mitigations and countermeasures. The prioritizations from the analysis showed that authentication and architecture are the highest risk areas of threat vectors. Armed with this data, IT managers are able to more appropriately budget cybersecurity expenditure to implement the most impactful mitigations and countermeasures.
format Preprint
id arxiv_https___arxiv_org_abs_2311_01247
institution arXiv
publishDate 2023
record_format arxiv
spellingShingle Emergent (In)Security of Multi-Cloud Environments
Reece, Morgan
Lander Jr., Theodore
Mittal, Sudip
Rastogi, Nidhi
Dykstra, Josiah
Sampson, Andy
Cryptography and Security
As organizations increasingly use cloud services to host their IT infrastructure, there is a need to share data among these cloud hosted services and systems. A majority of IT organizations have workloads spread across different cloud service providers, growing their multi-cloud environments. When an organization grows their multi-cloud environment, the threat vectors and vulnerabilities for their cloud systems and services grow as well. The increase in the number of attack vectors creates a challenge of how to prioritize mitigations and countermeasures to best defend a multi-cloud environment against attacks. Utilizing multiple industry standard risk analysis tools, we conducted an analysis of multi-cloud threat vectors enabling calculation and prioritization for the identified mitigations and countermeasures. The prioritizations from the analysis showed that authentication and architecture are the highest risk areas of threat vectors. Armed with this data, IT managers are able to more appropriately budget cybersecurity expenditure to implement the most impactful mitigations and countermeasures.
title Emergent (In)Security of Multi-Cloud Environments
topic Cryptography and Security
url https://arxiv.org/abs/2311.01247