“Not my job.” How many problems arise because someone thinks taking the steps to prevent the problem aren’t their responsibility? When it comes to security in the cloud, it’s important to be clear on your responsibility to make sure you don’t overlook important measures and leave your systems vulnerable to attack.

Shared Responsibility in the Cloud

Security of systems in the cloud is a joint responsibility between cloud users (you) and the cloud provider. Understanding who is responsible for what aspects of security is critical to making sure security is handled effectively.

The cloud provider is always responsible for physical security, meaning security of the data center, network, and devices. The cloud user is always responsible for user identities, accounts, and access privileges, security of end user devices, and protection of data. Depending on the specific details of the cloud service and agreements with the cloud provider, either the provider or the user may be responsible for the operating system and applications.

Your Data, Your Users, Your Security Responsibility

The security of your cloud data is closely tied to your user management, and both are your responsibility.

Protecting your data requires managing overall access permissions; many cloud service default configurations make resources publicly available. Data also needs to be encrypted at rest as well as in transit.

Managing users in the cloud is much the same as managing users in the data center. Identities need to be created and privileges assigned, preferably using role-based access controls. When possible, federated identity tools should be used to allow consistent identities across the cloud and internally. Multifactor authentication is a must when accessing cloud data. If cloud systems will be accessed via mobile devices, mobile security tools such as mobile device management software provide protection.

In addition, there are new tools that companies can consider using to protect their data in the cloud. These include cloud firewalls and cloud security access brokers, both of which can block unauthorized connections to cloud data.

Security is an Ongoing Process

As in the data center, security in the cloud is an ongoing process. Logs need to be monitored for anomalies, alerts need to be investigated, and new vulnerabilities need to be addressed. Changes in cloud services and cloud configurations need to be reviewed to ensure appropriate security measures are applied.

Prescient Solutions provides information security services to protect business systems and data whether they reside in the cloud or in the data center. Partner with Prescient Solutions and your cloud provider to ensure a safe, secure computing environment in the cloud. Contact us to learn more about how to address your responsibilities for cloud security.