Arm yourself against cloud attacks
Stormy Weather
The Tiresome Subject of Billing
A final threat scenario in the cloud is less a concrete technical threat and more a commercial one: How does a cloud customer avoid being overcharged? After all, all providers promise "by-the-minute billing" and billing exclusively for resources used.
In the standard situation, at least, you have to trust the figures shown on the invoice, because the systems in the cloud, which collect all user data, are usually inaccessible to the customer. How can you protect yourself effectively and efficiently against a provider abusing its control over the accounting?
The answer is as simple as it is frustrating: you can only protect yourself effectively if you take your own measurements and regularly compare them with the provider's figures. Slight differences are unavoidable, but major differences will quickly be noticed and allow you to ask the provider for further information.
Unfortunately, these measurements are only possible for those who use software like Prometheus or InfluxDB, which can process time series data and store it for a long time. Additionally, software is needed to collect metric data on the target systems – and both together can cause some administrative overhead.
At the end of the day, images and containers with Prometheus and similar monitoring tools exist and can be put into operation quickly in all environments. Rolling out the Prometheus Node Exporter or Telegraf from the TICK Stack is also easy. The reward for all this effort is a reliable database that allows you to detect inconsistencies quickly (Figure 5).
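The comparison of your own measurements with the provider's figures can be automated. The following Python sketch is an added example, not code from the article: the sample format, the 60-second scrape interval, the 2 percent tolerance, and all resource names and values are assumptions constructed for illustration.

```python
from collections import defaultdict

INTERVAL_S = 60    # assumed scrape interval of your own monitoring
TOLERANCE = 0.02   # assumed: up to 2% deviation counts as unavoidable noise

def measured_minutes(samples, interval_s=INTERVAL_S):
    """samples: (unix_ts, resource_id, up) tuples exported from your time series store.
    Missed scrapes are tracked as 'unknown', not silently read as 'resource was off'."""
    per_res = defaultdict(list)
    for ts, res, up in samples:
        per_res[res].append((ts, up))
    result = {}
    for res, points in per_res.items():
        points.sort()
        up_s = gap_s = 0
        for (t0, up0), (t1, _) in zip(points, points[1:]):
            if t1 - t0 > 1.5 * interval_s:   # gap in own data: state unknown
                gap_s += t1 - t0
            elif up0:
                up_s += t1 - t0
        result[res] = {"minutes": up_s / 60, "unknown": gap_s / 60}
    return result

def reconcile(measured, invoice, tolerance=TOLERANCE):
    """invoice: {resource_id: billed_minutes}. Returns findings worth querying."""
    findings = []
    for res in sorted(set(measured) | set(invoice)):
        billed, m = invoice.get(res, 0.0), measured.get(res)
        if m is None:
            findings.append((res, "billed but never observed", billed, 0.0))
            continue
        low, high = m["minutes"], m["minutes"] + m["unknown"]
        if billed > high * (1 + tolerance):
            findings.append((res, "overbilled", billed, high))
        elif billed < low * (1 - tolerance):
            findings.append((res, "underbilled", billed, low))
    return findings

def constructed_samples():
    """Constructed data: vm-c has a one-hour hole in its own measurements."""
    s = [(t, "vm-a", 1) for t in range(0, 7201, 60)]
    s += [(t, "vm-b", 1) for t in range(0, 3601, 60)]
    s += [(t, "vm-c", 1) for t in range(0, 1801, 60)]
    s += [(t, "vm-c", 1) for t in range(5400, 7201, 60)]
    return s

CONSTRUCTED_INVOICE = {"vm-a": 121.0, "vm-b": 95.0, "vm-c": 118.0, "vm-d": 45.0}

if __name__ == "__main__":
    for finding in reconcile(measured_minutes(constructed_samples()), CONSTRUCTED_INVOICE):
        print(finding)
```

A resource that appears on the invoice but never in your own data (vm-d here) deserves the same attention as an overbilled one, because it may be a forgotten or unauthorized instance.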