While the cloud has simplified some aspects of IT management such as capacity planning and storage, it has complicated the process of securing computing assets in two distinct ways. The shared nature of security in the cloud and the increased number of potential gaps or oversights make it difficult to protect enterprise information. Here are some suggestions that can help protect your company’s cloud environment.
Knowing Your Role in Cloud Security
A full understanding of how cloud security is shared and implemented is necessary for each provider and model an organization uses. Substantial differences in responsibility are associated with different cloud models. Some providers may perform a larger or smaller part in protecting your systems.
An illustrative example can be seen in the way Microsoft defines the shared security responsibilities customers can expect when engaging them as their provider. Depending on if an organization is using an SaaS, PaaS, or IaaS solution, the responsibilities for certain aspects of security may shift from customer to provider. Some security elements are always the customer’s responsibility.
Customers are always responsible for protecting accounts, identities, data resources, and devices. This includes traditional computing platforms as well as mobile devices. Conversely, Microsoft assumes responsibility for the physical hosts, networks, and data centers that it provides to its customers.
Gray areas exist surrounding the security of applications, network controls, and operating systems. In SaaS solutions, security is performed by the provider, while it is the customer’s responsibility when the IaaS model is employed. When PaaS solutions are in play, both customer and provider share the task of providing security. This is where the majority of cloud security issues occur and where organizations need to have a full understanding of what they need to do to protect their cloud resources.
Locking all the Doors
The cloud increases the number of attack vectors exponentially. The theoretical ability to access cloud resources from any mobile device results in an environment where each device needs to be secured from use by unauthorized actors. It’s convenient for the account team to access the sales database from their iPads, but can also be very dangerous. A lost or stolen device can compromise vast quantities of corporate data.
Another characteristic of cloud services is that access is required by the provider’s staff while performing administrative duties. This introduces an additional population of potentially malicious actors with the ability to mishandle data or engage in more harmful activities such as introducing malware to an environment. It is extremely hard to eliminate these risks. Robust monitoring can help identify anomalies that may indicate misuse of enterprise cloud resources.
Maintaining security should be the top priority of any organization that takes advantage of cloud computing resources. It’s a complicated task, but one that is essential to the safety of the enterprise data assets stored in the cloud.