Cloud computing is a necessity for business continuity in today’s changing landscape. But before organizations move critical workloads to the cloud, they must understand the shared security model wherein customers need to secure data in the cloud. At the same time, providers are responsible for securing the infrastructure. With cloud security breaches becoming a regular occurrence in 2020, Nextiva’s Joe Manna discusses the ins and outs of this approach. Â
If entire networks and all company data are online, businesses become more vulnerable to corporate espionage or data exfiltration. Data security was far less of a concern when data and systems were housed onsite in company offices.
When looking at cloud security, the notion of a shared model comes up often. Many service providers offer it to help businesses get set up and operating on the cloud quicker.
What Does The Shared Security Model Look Like?
The shared security model places the burden of cybersecurity on both the provider and the client. This approach means that the system that provides your cloud infrastructure shares the responsibility of keeping everything you store and run on their platform secure. However, this also means you’re not involved with the security infrastructure. You simply pay to access a service or application.Â
The service provider is responsible for the infrastructure and ensuring it’s not a soft target to attacksOpens a new window . The client is responsible for the security of everything stored inside the cloud. Understanding this distinction is essential.
The infrastructure is the platform itself. Take, for example, Google Drive. Google is responsible for ensuring that there’s no easy way to get into the platform without proper credentials. You are responsible for ensuring your password is secure and that your content settings don’t permit anyone to edit or delete your content. When both parties have established their security protocols, the shared cloud security model works brilliantly for businesses.
Learn More: Why Policy-Based Access Control Is Critical for Securing Data in the Cloud
Common Pitfalls Of The Shared Security Model
The shared model is such a good option for businesses because it takes away the cost and effort required to create their own cloud platform. You can go to a service provider and get a readymade platform that adopts sound security practices. Your business makes its profile, transfers data, and sets everything to the proper security levels.
Unfortunately, it isn’t always easy to get right. Pitfalls that companies often come across include:
- Not choosing the right type of provider
When partnering with a cloud solution provider, you are essentially paying for their platform and service. There are three different types of services:
- Infrastructure as a Service (IaaS)
- Platform as a Service (PaaS)Â
- Software as a Service (SaaS)
Depending on your business needs, you need to make sure that you’re getting the right service.
The client can reduce their security burden when they work with a cloud provider specializing in their industry, such as healthcare. However, access control will always be your responsibility to maintain and monitor, no matter what kind of service provider you use.Â
- Deciding if it’s best to keep some onsite infrastructureÂ
The decision to keep some of your storage and systems infrastructure onsite depends on your business. For example, a physical office will have an internet connection, hosted or on-premises phone systemOpens a new window , and, more than likely, company-owned computers. These are part of your onsite infrastructure. You can, however, also keep servers for data storage and any specialized systems or hardware as onsite infrastructure.
In these cases, you will need to consider how you secure that infrastructure concerning your cloud solution. A popular option is to get remote users to connect to the cloud via your on-premises infrastructure so there is only one entry point to the application.
- Misconfiguring your cloud solution
The configuration of your cloud setup is risky and has the largest impact. Whether you are in a plug-and-play setup or deploy updates via Git, you must adopt proper security best practices. Thousands of production credentials are storedOpens a new window in public repositories like GitHub.
Learn More: Why Your Cloud Security Needs to Mature for the ‘New Normal’
Why Does Cloud Misconfiguration Still Happen?
Despite cloud computing becoming the first choice for companies, platform misconfiguration still happens. Organizations around the world suffer from data breachesOpens a new window , fraud, and worse regularly. The reasons for these breaches include:
- Not understanding the security burden — If your business doesn’t understand its responsibility fully, you won’t be able to set up your cloud solution to meet your needs adequately. You need to take it upon yourself to learn as much as you can about the shared security model, so you know how to secure your applications.
- Not having a comprehensive plan for configuration — This is especially important if you have the onsite infrastructure and cloud infrastructure, and you need to marry the two. However, you need to understand your security needs, system management, and level of responsibility in terms of your service provider.
- Not verifying your configuration — Just because your service or application works doesn’t mean it’s secure. Too many companies don’t take the time to audit and verify the integrity of their system configuration. It’s crucial to test the entire application and cloud environment before and after going live.
There’s no denying the benefits of the cloud, but you need a robust security framework like any other modern IT system. Within that framework, you must understand your responsibilities and test systems routinely for vulnerabilities. Without ticking these boxes, businesses open themselves up to attacks and remain vulnerable.
Let us know if you liked this article on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!