What Log4j Can Teach Us About Cloud Security

Ermetic's co-founder Shai Morag writes for eWeek about best practices for improving cloud defenses in light of the Log4j attacks.

Log4j is causing a logjam of concern among cybersecurity professionals, but it should also be a wake-up call to improve their organization’s overall cloud security posture.

By now, we’re all busy addressing threats that exploit vulnerabilities found in the Apache Log4j library, which is an open source software that’s used to communicate diagnostic messages to system administrators and network users. These vulnerabilities can include everything from serving the omnipresent 404 error message to logging routine events.

What makes this vulnerability so alarming is the widespread use of Log4j across all kinds of applications. It’s in popular games like Minecraft and in the infrastructure of cloud servers, including Amazon Web Services (AWS) and Apple iCloud.

Shai says that the more securely we configure our cloud environments, the harder it will be for bad actors to exploit these vulnerabilities. To do that he suggests concentrating on phasing out permanent credentials, keeping track of third-party access and compliance, and limiting excessive permissions.

To read the entire article click here.