Automating Cloud Security to Mitigate Risk | SANS Whitepaper
As cloud computing services evolve, the cloud opens up entirely new ways for potential attacks. In February 2017, Tavis Ormandy of the Google Project Zero team exposed major memory leakage in Cloudflare’s Content Delivery Network (CDN) web caching services. It exposed all sorts of sensitive data, including passwords, authentication tokens and cookies. Although this is just one example of a cloud-oriented service with a major security issue (which, for the record, the company responded to immediately and remediated quickly), it demonstrates that all of us may have more exposure points than we realise.