Cloud security: a shared responsibility

Posted by Claude Gagne_ on Feb 13, 2019 9:46:12 AM
Cloud security - Present

A few days ago, I had a meeting with Mark, a client with whom over the years, a solid relationship of trust has developed. After a while, the conversation turned to the security of the public cloud.

Claude, as you know, our company understands the importance of using IT technology as a lever for growth. Among these technologies, the public cloud has undeniable advantages. But I ask myself questions about its security as the media is always echoing some sort of security issue.

What do you think?

Mark, if I understand you correctly, you think that certain cloud services make sense for your company, but that the associated security risks are a hindrance to their implementation.

Absolutely.

First of all, you are certainly not the only one to ask yourself these questions, even if the fear of cloud security is diminishing as the adoption of cloud continues to grow.

But let’s go back to the basics.

 

Security

Security is the protection of data, applications, and data center or public cloud infrastructures. Security in public environments is similar to that of an on-site architecture. One main difference though, is that inside your walls, you control everything. While in the cloud, the responsibility for security is shared between your team and the provider, since the servers and physical infrastructure are not controlled by your company.

 

The public cloud

When we talk about public cloud, we are actually referring to 3 models namely IaaS, PaaS and SaaS.

And the extent of responsibility of the cloud service provider, and therefore that of the customer depends on the model used.

From this perspective, AWS and Azure's shared responsibility approach is identical.

Both distinguish the security of the cloud as the responsibility of the provider and the security in the cloud as the responsibility of the customer.

 

Responsiblity zones-Cloud-Present

 

So Claude, do you mean to tell me that in the news worthy security breaches we heard about, the cloud providers had no responsibility?

In most cases, the security breaches were the responsibility of the customers.

And to quote Gartner: By 2022, at least 95% of cloud security failures will be attributable to customers.

This means that a very small percentage is attributable to cloud providers. This is why it is so important to do business with trusted companies that have the means to honor their share of responsibilities.

So what you are saying is that the public cloud, subject to doing business with quality providers, is safer than my data center?

Absolutely. Vendors like Amazon Web Services are aware of being prime targets. They are therefore extremely picky about the security of their infrastructures and implement very advanced security methods such as filtering technologies based on artificial intelligence.

It's better to have your data with a provider who is properly securing their infrastructure and has been certified to the highest security standards than having your data in your own infrastructure with poor security.

Thank you Claude for this information. It’s much clearer now, I feel more reassured and ready to look at how my organization could benefit from cloud services. What would you suggest as a next step?

I'm very happy that I could help you with your questions on cloud security. As a next step, I suggest you proceed with a Cloud Assessment.

 

Cloud Assessment

The ultimate goal of this service is to determine the benefits, challenges and ROI of potential cloud initiatives.

This involves discovering the current applications and infrastructure used, determining the target architecture, as well as alternate migration paths.

Present's cloud assessment will show you the best path to success and cost saving. Click below to find out more.

 

New call-to-action 

 

 

Topics: Cloud, IT security

About this blog

The right use of technology addresses business challenges and drives business growth in all areas of an enterprise.  We hope this blog will offer insight into developing strategies and tactics to enable you to identify those key drivers of growth and keep pace with and anticipate the rapid technology change of today.

Subscribe to Blog Updates by email

Protecting your business assets: Lower your risks with a disaster recovery plan

Recent Posts