Tag Archives: more than RBAC

Protecting ITaaS Consoles

ITasaServiceThere has been quite a bit written about Code Spaces and how unauthorized access to its ITaaS console granted enough permissions to delete everything out of Amazon, including backups. There are lessons here not only for tenants, but also for those vendors who create ITaaS consoles, such as VMware (vCHS, vCD, vCAC, vCenter, Orchestrator, etc.), Virtustream (xStream), OpenStack, and many others. These consoles need better controls and security so that such behavior is prevented, logged, and monitored, and the proper authorities are informed. Now, we may think this is a cloud-only attack, but we use these tools within our own environments day in and day out. For anyone using virtualization, private, or hybrid cloud consoles and automation tools, it is time to take a good long look at role-based access controls (RBAC). The steps we discussed at the end of my other lessons article still apply.  Continue reading Protecting ITaaS Consoles