Researchers have identified a clear rising trend towards on-site private cloud, hosted private cloud, IaaS and SaaS for business IT. Analysts estimate that approximately 60% of all IT workload will operate from cloud environments by 2019. The rush to join the masses in the cloud is a strategic and necessary move that requires careful planning and knowledge of your business IT capabilities. The sense of urgency and impending change caused by the transition to the cloud can create uncertainty, with many companies questioning security during their digital transition.
Unwarranted Security Concerns Cause Unnecessary Delays in the Transition to Cloud
Security is a major consideration, with many companies fearful of cloud security. This fear is generally based on a lack of knowledge and concerns about accountability. The ‘Shared Responsibility Model’ aims to alleviate these anxieties.
Most companies fail to fully understand their responsibilities for security in the cloud, placing uneducated onus solely on the cloud service provider. In reality, security responsibilities are shared between the cloud service provider and the customer, with cloud providers taking limited responsibility and customers left to close the gap. If you thought that ALL cloud security rested squarely on the cloud providers shoulders, you would do well to read on.
Gartner’s report estimates that 95% of security breaches occurring between 2016 and 2020 will be the customer’s fault. Companies are failing to address security concerns due to naivety and lack of understanding. The AWS seeks to dispel confusion with their ‘Shared Responsibility Model’ for security and compliance, which breaks down cloud security roles and responsibilities as follows:
Meet Your Obligations
Cloud Platform Provider Obligations
Responsible for security “OF” the cloud (infrastructure).
- Compute
- Storage
- Database
- Networking
Customer Obligations
Responsible for security “IN” the cloud.
- Customer data (storage, security and protection)
- Platform, applications, identity and access management
- Operating system, network and firewall configuration
- Network traffic encryption, server-side encryption and data integrity
The European Union’s GDPR data privacy legislation came into effect as of May 2018 and further outlines these responsibilities. Regulators charge the ‘data owner’ or the ‘body’ that collects the data with the responsibility of securing all personal data. Therefore, it is the data owners who are liable for security breaches and responsible for ensuring that their cloud service providers offer and adhere to strict security measures. The scope of customer responsibilities for security in the cloud is significant. It is vital that businesses evaluate their IT capabilities to ascertain whether they can meet their obligations. Companies should consider obtaining expert advice from a reputable Cloud service provider such as Control Networks to determine their internal capabilities.