Yes, the shared responsibility model long predates the cloud, but the cloud era is proving that true sharing of responsibility is more complicated than it seems, leaving enterprises less secure as a result.

  • schizo@forum.uncomfortable.business
    2 months ago

    As someone who’s worked in this environment, the providers are screwed either way.

    If you do nothing, then a customer is mad that you were not secure enough and they got hacked.

    If you do something, then a customer is mad that you’ve made security changes that break their shit.

    At the end of the day, the devops people using this stuff don’t understand security, and don’t want to understand it. But no matter what the provider does, it’s wrong for some segment of their users, so like, it’s not that they won’t secure it, it’s that the feedback is negative as all hell when they do.

      • schizo@forum.uncomfortable.business
        2 months ago

        Yeah we did security notices based on customers doing stupid shit, and got yelled at for “annoying” them with an email every week or two, depending on when the reports we ingested were turned into notifications.

        So many people screeching about spamming them, and harassing them, and how this was bullshit and they never had this problem with other PaaS platforms.

        …until, of course, oopsie their shit was hacked, and NOW it’s my fault we didn’t warn them enough.

        I am never working for THE CLOUD ever again, lol.