When cloud infrastructure was first coming to the market, there was concern that data would not be secure. There was uncertainty about where the data resided and a sense of losing control of one’s environment. As the rise of the big three cloud providers (Amazon, Microsoft, and Google) led governing bodies to formally address the cloud marketplace, sentiment began to swing in the opposite direction, and the belief became that data was ultimately more secure in the cloud.
To provide clarity, let’s first take a look at where the division of responsibility lies when it comes to public cloud security and what’s delivered by the cloud providers; then we will address how to fill in the gaps.
Division of Responsibility
Cloud environments are divided into two distinct sections: cloud infrastructure and client data/applications.
The cloud provider is generally responsible for ensuring your data/applications reside in a secure facility, that your environment is properly segmented from other environments, and that they are following a specific business continuity strategy for your environment. In Amazon’s words, “As an AWS customer, you will benefit from a data center and network architecture built to meet the requirements of the most security-sensitive organizations”. Notice that they don’t mention client data, application control, or user management.
They specifically ensure that the data center and the architecture are built with security in mind. The individual organization is responsible for securing its applications against both internal and external threats, properly securing and backing up its data, and managing usage and access controls.
Securing Your Data
What tools are then used to address the security that isn’t covered by the cloud provider’s environment? Most of these tools are the same ones you would use in an on-premise deployment. These tools include, but are not limited to:
- Endpoint Protection (Antivirus/Antimalware)
- Web Application Firewall
- Access Control
The complexity comes with managing a unified policy and visibility between on-premise and cloud infrastructures. Taking the time to understand the business risks and developing a strategy before deployment is ideal; however, it isn’t always realistic. Strong communication between departments and a security-first focus will help in developing a strategy. Utilizing products and tools that have centralized management and consistent controls between on-premise and cloud deployments will also help maintain homogeneity of policy and public cloud security.
Complexity in Simplicity
It’s often easy to deploy simple workloads in the cloud; a few clicks can configure the environment, and applications can be running within minutes. With this ease of deployment, cloud environments often grow faster than anticipated as other departments take advantage of the fast cycle and seemingly low upfront cost.
As more and more business-critical data moves to the cloud, it becomes more complex to ensure the information is secure and compliant. A good mindset to start with is to treat the environment as you would your traditional infrastructure and to drop the assumption that the cloud service provider is taking care of public cloud security for you.
Finally, leveraging a partner that can provide security assessments for both your on-premise environment and cloud environment will ensure that you are using best practices and addressing compliance needs.