Lifting the lid on cloud security responsibilities
Welcome to the first in a series of blogs covering topics about cloud migration I think many readers will benefit from. This first one is about cloud and the security issues surrounding it. Many organisations we provide services to have adopted a strategy to migrate their compute workloads to cloud. I often hear the motivation for this strategy is the misconception that cloud is inherently more secure than selfhosting - just because it’s “cloud”. But, is it?
There is no doubt that cloud providers take their own responsibilities for security and compliance very seriously but were you aware that securing your data in the cloud is actually your responsibility.
AWS And Microsoft Azure have made it very clear where their responsibility for security and compliance stops and where the customers responsibility begins. This is referred to as the shared responsibility model as shown below.
AWS Shared Responsibility Model
Azure Shared Responsibility Model
Ever heard the saying the cloud is just someone else’s computer? The cloud provider is responsible for the security of the cloud, i.e. the underlying infrastructure, physical facilities, etc. The customer of the cloud provider is responsible for the security of the data in the cloud and the security of any virtual machines, OS patches and applications, etc in it.
So, what does this mean? Without the appropriate controls in place, it could be the user of the cloud services, not the cloud provider, who fails to manage the controls necessary to protect their data that’s hosted in the cloud - Gartner estimates that by 2022, at least 95% of cloud security failures will be the customer’s fault. As the responsibility for your data lies with you, you’ll need to ensure that any controls and policies you have in place for a locally hosted solution, extends to the cloud too.
The cloud is only as secure as you make it, and with security “threat actors” becoming more and more advanced, it is more important now than ever to not only choose a secure cloud provider, but also to ensure data you host in the cloud is secure.
If you are developing a cloud strategy or considering moving additional workloads to the cloud, then come and talk to us about how to develop your own security strategy, to make your move to the cloud as safe as everyone thinks it should be.