Cloud Security | Your responsibilities and those of the Cloud Provider
There are multiple forms of Cloud Security, ranging from managed applications in the cloud (Software-as-a-Service) to a fully virtualized infrastructure in the cloud (Infrastructure-as-a-Service). Most companies, however, prefer a hybrid solution where some parts are on-premise and others in the cloud.
Cloud Security – The Movie
In this video, our business developer Cloud Security, Tom Fonteyn, addresses the following topics:
- The advantages of moving to the cloud
- The challenges of cloud adoption
- Cloud security: your responsibilities and those of the cloud provider
- The 5 key cloud security controls
Why are companies moving to the cloud?
Many companies are moving to the cloud because it offers multiple advantages:
- Flexibility: cloud technology helps you manage your IT infrastructure in a lean, dynamic way. Physical location is of no importance anymore; accessibility from multiple sites is
- Scalability: you can easily upscale or downscale resources in line with operational requirements
- Cost control: it allows you to more precisely control costs and prioritize Operational Expenditure
- Latest technology: you can adopt the latest technology without long-term commitment for hardware or applications
- High availability and disaster recovery: most cloud providers can offer a higher availability than you can yourself
- Manageability: company applications in the cloud (such as Office 365, AFAS, Salesforce…) are easy to access and manage
Despite these drivers, many companies remain hesitant because of the technical complexities and a lack of in-house knowledge. But the biggest concern often remains the security aspect.
Cloud Security: who is responsible for what?
At SecureLink, we do not see this security aspect as a concern, but as an enabler. It is a way to rethink and optimize your security model. But, beware! A cloud is not secure by default. The cloud provider does not take care of the entire environment. There is a shared responsibility.
- Cloud providers are responsible for the security of the underlying platform.
- The customer retains ownership of the proper configuration of the building blocks provided.
Software-as-a-Service requires a good security design because it implies risks. Most of the time, organizations have a separate service provider who develops the application on top of Infrastructure-as-a-Service. The security measures implemented by that secondary service provider can differ greatly. In fact, only 15% of cloud applications turn out to be officially condoned and managed by the IT department. User credentials get stolen or compromised very often. It is therefore very important to have a strong authentication process that still offers a good user experience.
An IAM solution is recommended because it provides a universal directory that is available for all applications in the cloud. You don’t have to authenticate for every single SaaS application all over again. It is a multi-factor authentication solution.
Identity and Access Management
When working in a cloud environment, it is extremely important to know who has access to your applications. A strong two- or multi-factor authentication tool is crucial for your cloud security. But this tool should not hamper your user experience. Authentication for every single SaaS application over and over is not the answer. An IAM solution is. It provides a universal directory and delivers single sign-on for all cloud applications in use.
Your public cloud environment should be just as secure as a traditional environment. Today, most security solutions can be deployed within a public cloud form factor.
Cloud Access Security Brokers (CASBs) are very useful to monitor and control what users are doing in cloud applications. They act as security policy enforcement points placed between cloud service consumers and cloud service providers.
SecureLink’s Cloud Security Offering
- Security for SaaS applications via Identity and Access Management (IAM) solutions often in combination with CASB (Cloud Access Security Broker) solutions
Read more about CASBs and strong or multi-factor authentication in Frank Staut’s blog post.
- Deployment, configuration and management of cloud instances for core security building blocks to maintain the same security level as on-premise
- Secure and redundant connectivity between (multi-)cloud and on-premise environments
- Encryption solutions to encrypt data at rest, regardless of where it is located
- Security monitoring of the environment from our CDC; our managed security services can be delivered over the complete extended infrastructure
- Our Security Maturity Assessment (SMA) helps you map your security maturity level to identify the areas that require a logical next step
SecureLink, member of the Cloud Security Alliance & partner of Amazon
SecureLink is a member of the Cloud Security Alliance (CSA) and is an Amazon consulting partner. Our consultants can help you adopt a secure cloud strategy, whether it is about securing a SaaS-application or securing specific workloads that are put in the cloud. Just keep in mind there’s no ‘one-size-fits-all’ solution!