Public Cloud Security: What to Know About Shared Responsibility Models
In lockstep with growing demand for remote working and public cloud services, on-premises infrastructure is shifting from asset to liability. But moving to the cloud comes at its own cost: increasing the organization’s attack surface.
While numerous, well-publicized breaches of data storage services have raised general cloud security awareness, cybercriminals continue to work diligently to stay one step ahead. Recent research from Sophos found that almost three quarters of organizations hosting data or workloads in the public cloud experienced a security incident in the last year. And an overwhelming number of organizations (96%) remain concerned about their current level of cloud security.
For channel partners, these concerns about public cloud security are exacerbated by the fact that it’s not just their own cloud environments that need to be protected, but also their customers’.
To help partners navigate the ins and outs of managing public cloud security and compliance, we’re launching a three-part article series to share best practices and key considerations for a public cloud security strategy. To kick off, let’s start with the basics: what to know about shared responsibility models.
What does “shared responsibility” entail?
There are many reasons why you might decide to move to the public cloud. Whether that’s improved costs for your business, the added agility to spin up and spin down services on demand, or improving time to market for products and services.
But the public cloud can be a double-edged sword. While providers like AWS, Azure and Google provide a great deal of flexibility in terms of how you can build your cloud environment, one of the consequences of that flexibility is that they cannot fully protect the data, virtual machines or virtual networks running in those cloud environments.
What this means is that cloud providers have a duty to secure the cloud, including ensuring physical security of the data center. But whatever you put into the cloud – whether that’s data or virtual machines – is your responsibility.
In short, your cloud provider must take responsibility for security of the cloud itself, but responsibility for security in the cloud is on you.
Fulfilling your responsibility for security in the cloud
Protection from the latest generation of public cloud cyberattacks requires a strong level of visibility and security automation. Channel partners should ensure they are armed with advanced technologies that can disrupt an entire attack chain. Key capabilities should include:
- The ability to secure all your cloud resources. Partners should be able to get a complete inventory of multi-cloud environments (virtual machines, storage, containers, IAM Users, etc.). This will reveal insecure deployments, suspicious access and sudden spikes in cloud spend. Learn more
- Cloud-native workload protection. Protect virtual machines, and the virtual desktops running on those machines, from the latest threats, including ransomware, fileless attacks and server-specific malware. Learn more
- Network edge protection. Secure inbound and outbound traffic to your virtual network and desktop environments, and provide secure remote access to private applications running in the cloud. Learn more
As channel partners consider and evaluate public cloud services, it’s critical to understand the shared responsibility model and which security tasks are handled by the cloud provider and which tasks are handled by you.
Because the security obligations of cloud vendors can only go so far, it’s important for channel partners to fill the gaps, using the right tools to effectively manage and secure risks. A multilayered approach allows partners to ensure visibility, compliance, and security of public cloud environments – both their own, and their customers’.