Shared responsibility

What is your immediate feeling when you hear ‘Shared Responsibility Model’ with regard to Cloud?

It never seemed (to me) to be a great relief to anyone. Unless it’s an answer to an audit question…

The write-up by Tenable below is good and thorough. Arguably, comms coming from MS have not been.

Unauthorized Access to Cross-Tenant Applications in Microsoft Power Platform
A researcher at Tenable has discovered an issue that enables limited, unauthorized access to cross-tenant applications and sensitive data (including but not limited to authentication secrets).

Background

The issue occurred as a result of insufficient access control to Azure Function hosts, which are launched as part of the creation and operation of custom connectors in Microsoft’s Power Platform (Power Apps, Power Automation).

I didn’t realise until today that there’s no independent, standardised CVE-like system for Cloud vulnerabilities. That got an eyebrow raise from me.

(I’m not picking on Azure or MS here. I’ve just been spending some time with it to balance AWS knowledge).
