☁ïļ Cloud Security

Episode 2:Cloud security

1. The Story

Story from HKCERT animation videos

Ah Jin runs a retail company. He got hacked because his self-built server was outdated. A security consultant advised him to move to the Cloud. However, he almost got hacked again because he thought "Cloud" meant "Automatic Security."

2. The Trap

🔓
Misconfiguration (配į―ŪéŒŊčŠĪ)

Ah Jin put customer data on the cloud but didn't set passwords or permissions. This is like leaving your house door unlocked.

ðŸ’Ą Lesson: Just because it's on the Cloud doesn't mean it's locked.

3. Who does what?

ðŸĪ
Shared Responsibility Model
  • Vendor's Job: Fix the hardware, power, and internet cables.
  • YOUR Job: Set passwords, manage who has access, and encrypt files.

4. The 5 Steps to Safety

  1. Read the Manual: Check configuration guides.
  2. Test It: Verify your security settings work.
  3. Check Logs: Look for suspicious activity records.
  4. MFA & Encryption: Use Multi-Factor Authentication and encrypt files.
  5. Backups: Always keep a copy of your data.

📝 Quiz Time