Cloud Security: Who’s Responsible for What, and How to Reduce Risk

Cloud adoption among small to midsize businesses (SMBs) continues to increase because cloud capabilities and applications line up nicely with the business goals of smaller companies. The cloud is cost-effective and mobile-friendly, and it allows organizations to automate business and IT functions across the organization to boost productivity.

Security is also a high priority for SMBs, which are being targeted more than ever by hackers. Many organizations assume cloud providers are responsible for securing the cloud environment: move a workload to the cloud, and security responsibilities move with it.

But that’s not the case. Security responsibilities are shared by the customer and the cloud provider.

You’re still responsible for protecting your user credentials and data. In the case of Infrastructure-as-a-Service, you’re also responsible for your virtual machines and applications. Cloud providers are responsible for securing their infrastructure, including storage, networking hardware and physical compute resources. And secure cloud infrastructure isn’t enough to protect assets that you host in that infrastructure.

Most cloud providers offer security tools and services to the customer, but it’s up to the customer to implement them. This often results in misconfigurations that lead to security breaches. Just last year, the data of 6 million Verizon customers was exposed because a cloud system used by a third-party service provider was improperly configured to allow external access. The fact is, the cloud is very secure, but only when configured correctly.

Here are seven steps you can take to improve cloud security.

  1. Never assume who is responsible for security. Collaborate with your cloud provider. Be proactive about defining security roles in your service-level agreements and building security into your cloud strategy during the planning stages.
  2. Tightly control who has access to cloud resources, following the principle of least privilege. Users should only be authorized to access the cloud resources required to do their job.
  3. Use multifactor authentication to make it more difficult for hackers to access your cloud system by stealing legitimate credentials. For example, biometric identifiers are virtually impossible to replicate. Also, avoid shared credentials.
  4. Maintain visibility into all cloud activity. Track who accesses what cloud resources, when they access those resources, and from where.
  5. Encrypt all cloud data and maintain control of your encryption keys. Even if unauthorized users access your cloud systems, the data will be useless to them if it is encrypted.
  6. Evaluate the security of your cloud environments and providers, as well as any business partners and vendors who access your cloud resources.
  7. Educate and train employees in cloud security to reduce the risk of breaches caused by human error and carelessness.

Verteks can help you take full advantage of the cloud without compromising security. We can assess the current state of security in your environment and identify vulnerabilities. We can then help you choose, configure and deploy the necessary security tools and services, such as antivirus software, next-generation firewalls, content filtering, encryption and multifactor authentication. Once your cloud security strategy has been implemented, we can monitor activity and generate reports that allow us to further enhance your defenses.

To protect your on-premises and cloud resources and minimize the risk of a breach, contact us to schedule a confidential security consultation.