While cloud computing is now a common way to provision computing resources and outsource IT functions, security can be a (perceived) obstacle to adoption. Cloud security can be a shared responsibility, however, between the customer and provider. Read on to learn more about what to expect from a current or prospective provider, and what you can do yourself to stay secure.
Cloud Security and Why it Matters
Cloud computing, although providing multiple benefits, also presents security concerns. With compute resources available through the Internet, the greater amount of data moving between networks and devices, data which can be lost or stolen. Cloud security is a combination of technology, processes and policies that can keep your applications and data safe, reliable and available. Who ensures this, your company or the provider?
Cloud Security a Shared Responsibility
The answer is, both. In general, the provider provides and maintains the infrastructure, and the company looks after the data and applications “in” the cloud. How much responsibility either party assumes depends on the type of platform used. For instance, for Infrastructure as a Service (IaaS), the provider furnishes just that – infrastructure–and your company needs to manage the security of its own data and applications. Other platforms like PaaS and SaaS provide more oversight. Sometimes the CSP will also offer data storage and monitoring. Top providers may even offer security-by-design or layered security as well as network monitoring and identity access management.
Your Company’s Role
In general, a provider that handles more of the functions also protects more. Beginning with Infrastructure as a Service (IaaS), you secure data, applications, and control over your virtual network. With Platform as a Service (PaaS) you still handle data and applications and user access. Software as a Service (SaaS) allows you to outsource applications while still maintaining oversight of user access. Your company may need to employ multi-factor authentication for access control and train workers in password procedures.
Considerations When Seeking a Provider
When evaluating a cloud service provider, security is critical. Does your current or prospective provider offer network monitoring? One of the concerns about cloud is lack of visibility regarding who attempts to access your network; how does the provider address this? With more scrutiny of data handling and more stringent regulations, assuring that your provider follows the same regulations you do is vital.
Cloud computing, even with its benefits, carries security risks. To learn more about developing your cloud security strategy, contact your trusted technology advisor today.