The cloud is a cost-effective option for many businesses. Businesses can store information and run necessary applications on the cloud and pay only for the resources they use. Unfortunately, this also means the scope of security needs has expanded. Because hardware, infrastructure, and perhaps even data storage are shared, security in the cloud has become a significant concern. So although it may seem to be a convenient option, there are questions that every company should ask itself to evaluate its current standing with cloud security. Here are our top three questions to get you off to a great start.
What are the security capabilities of your cloud provider?
First, consider the different services you are subscribed to. Do they include IaaS (Infrastructure-as-a-Service), PaaS (Platform-as-a-Service), or SaaS (Software-as-a-Service)? If you are using any of these services, then security is a responsibility shared between you and the cloud provider supplying them. This is because these services may require varying security controls to protect sensitive data within the applications. It will be up to you and your company to evaluate the risks (e.g. data leakage) particular to your business or industry and determine what security controls should be in place, such as encryption or access control.
What’s your role when it comes to cloud security?
Consider the way your company operates day-to-day business activities. Does it involve a private cloud? Is your company managing applications that are being hosted on this private cloud? If that’s the case, your company will ultimately be in charge of the security of these applications. Most security experts would recommend using 2FA (two-factor authentication) for your applications on the private cloud, and implementing 2FA will not be the responsibility of your cloud provider. Moreover, if you’re using a hybrid environment, it can sometimes become a pain to implement and monitor the security of all your business applications across on-premise and cloud environments. This is when managed security services come in handy, ensuring that you’re getting consistent and reliable network and application protection.
What’s your relationship with your network provider?
Your cloud provider isn’t responsible for protecting the entirety of your on-premise or cloud environments. In certain circumstances, your cloud provider cannot assist you when large-scale cyber attacks are coming your way. Instead, you will have to turn to your network provider for help. Network providers are the ones who can handle large DDoS attacks, but this in turn also depends on the chosen course of action in the event of a cyber attack. Agreeing on a traffic threshold with your network provider is one route you can take so that they may help you block unnaturally high traffic based on that specification. Building a relationship with your network provider is crucial because they need to have a clear understanding of where your security priorities stand.
In order to survive in today’s increasingly competitive digital world, business operations on the cloud will need to place greater importance on security compared to a decade ago. Understanding your own role, as well as your cloud provider’s, when it comes to security can be a great starting point. For more on the topic of cloud trends and cloud threats, be sure to check out our blog post over at Penta Security’s cyber security blog.