Hello, welcome to the Wednesday, May 6th, 2020 edition of the Sands and at Storm Center's

Stormcast. My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

Cloud providers are continuously adding security features to their offering, whether it's

AWS or Microsoft, and a couple of readers

actually asked whether or not you even still need sort of your own security team, your own

security tools, or whether you could just essentially let it all go and have the cloud

providers take care of it.

So Russ wrote up a quick diary about this topic and, well, the quick summary is, well,

not quite. While you definitely should take advantage of whatever features your cloud provider

offers and you certainly need to stay in touch with your cloud provider, so you

know what the latest offerings are. Often, they're already included in whatever plan you sign up for,

but you still need to take care of configuration of your systems, configuration of these security

systems. And of course, you also need, configuration of these security systems.

And of course, you also need to understand what these security systems are doing for you and what, for example, all the messages and the configuration options mean.

So while cloud providers certainly have come quite a away and have realized that users need help

with some of the specific cloud challenges, you still need a security program because in the

end only you know what your data is worth and how it has to be protected.

And then we have a critical update from Citrix for ShareFile storage zone controllers.

Apparently, the flaw allows that hacker to gain access to the storage zone controller

without authentication and modify the configuration.

And of course, in doing so, that hacker would then gain access to

users' documents and folders as Citrix states. There are three vulnerabilities being addressed

...