There are two big misconceptions about cloud security. The first misconception is that cloud isn’t secure. The second, more important misconception is that cloud security isn’t your responsibility.
Cloud Is Secure
The misconception that the cloud isn’t secure has obvious roots: using cloud makes the corporate network perimeter harder to define, prevents you from having full visibility and control over the network and security, and places your data and applications on shared servers. It’s no wonder the risk of exposure feels high.
That feeling might be justified if businesses were doing a good job maintaining high levels of security in the data center, but the reality is that they aren’t. Most businesses don’t have big staffs of information security experts configuring the latest high-tech security tools and poring over log files for subtle signs of breaches; most businesses don’t even effectively apply patches over all their systems in a timely fashion.
Cloud providers, however, do have big staffs of information security experts. Their entire business depends on delivering secure computing environments to their customers, and they have the motivation and resources to make sure their defenses are up-to-date and systems are monitored. Many cloud providers are able to deliver environments certified for compliance with leading industry standards, a testament to the controls they’re able to enforce.
Cloud Security Is Your Responsibility
So if the cloud providers are delivering highly secure environments, how is cloud security still your responsibility?
The reason is that cloud security doesn’t just depend on keeping bad actors out of the cloud environment. Cloud security requires keeping bad actors out of your applications and your data. Since only you can determine who is authorized to access your data, you still need to put in place the proper controls around user access and still need to review logs to monitor for inappropriate access.
A big part of that control comes from how you configure your systems and how you assign privileges to your users. Many cloud resources default to public access, and you need to change the settings to suit your needs. You also need to manage user identities and privileges just as you would if your resources were still in your data center. You still need to review logs and monitor user access to your systems to make sure no unauthorized usage occurs.
In addition, cloud makes it much easier for your employees to use IT technology that isn’t under your tech team’s control. These users may be less aware of security risks and your security and compliance responsibilities. It’s important to use tools to discover this shadow IT and bring those resources under control.
Start With a Plan
Your cloud security plan should start as soon as you start considering cloud. Make sure you do due diligence and assess your cloud provider’s security controls before you sign your contract. Understand how they provide security for your resources and where the boundary between their responsibility and your responsibility lies. Be sure you understand how you will communicate with them and how they will support you in investigating any potential security incidents.
Include security training as part of your cloud migration, both for business users and the technology team who will support the cloud. Make certain to validate configurations for appropriate security settings before shifting production operations to the cloud.
Don’t be misled by cloud security misconceptions. Download VAST IT Services top 3 recommendations for cloud security and take time to learn what else you should do to ensure the safety of your data in the cloud.
