2022: A Complete Guide to Cloud Security Best Practices

Cloud data breaches have become a common occurrence. Billions of customer records have been exposed in the last 12 months alone. Industry experts project that matters will continue to get much worse. How did we get here?

Public Clouds ushered in an era of unprecedented agility. Naturally, organizations of every size are adopting the cloud and making it a mainstay of their infrastructure. The explosive growth of the cloud bears a close resemblance to its previous cousin – the Internet.

Most successful attacks on cloud services involve the exploitation of various misconfigurations. To keep up with insatiable user demand, Cloud Providers are adding more services at a dizzying pace, and each new service comes with its own set of access and security configurations. Imagine the complexity involved in keeping tabs on all the configurations across all of those services, from multiple cloud providers who are constantly updating and releasing services. Additionally, regulators issue a swath of regulatory frameworks with frequent revisions, which does not help. All of these forces together make cloud security incredibly complex. Because it requires a multitude of skills, it is proving to be an impossible task for the vast majority of organizations.

This guide explains who is responsible for cloud security, between cloud providers and cloud users, and explores different approaches, tools and service models available for cloud security.

What is Cloud Security?

Cloud security breaches come in many forms, like data leakage, access compromise, privilege misuse, and malicious attacks (malware, DoS, etc.). Just like information security (infosec) and network security, cloud security is about ensuring the security of services hosted on the cloud over the internet, through a combination of:

  • Technical Controls
  • Policy & Standards as Controls
  • Procedures & Services as Controls

Who is Responsible for Cloud Security?

Most Cloud Users mistakenly assume that Cloud Providers are responsible for the “entire” cloud security. That’s flawed complacency. Cloud Providers do carry responsibility for some parts of the cloud (‘security of the cloud’) and Cloud Users are responsible for the rest (‘security in the cloud’). It has been reported that in the vast majority of data breaches, if not in all of them, Cloud Providers have not been technically at fault; rather, the breaches were the result of some security or access misconfiguration set up by Cloud Users. The graphic below describes the responsibility matrix between Cloud Providers and various types of Cloud Users.

[Figure: shared responsibility of cloud security]

Accountability, ownership and responsibility map to the level of access the actors have over the cloud stack, and vary widely based on the service model the organization adopts as part of its cloud adoption.

Read and download the complete guide at https://wati.com/2022-a-complete-guide-to-cloud-security/

Topics covered:

  • Who is Responsible for Cloud Security? (SaaS) (PaaS) (IaaS)
  • Cloud is Security’s new Achilles Heel?
  • Approaches for Cloud Security
  • SECaaS (Cloud Security as a Service)
  • Cloud Security Frameworks

Phani Kumar Sivaraju

Digital Marketer | Strategy Consultant | Information Architect | Ghost Writer | Web Developer | Tech Enthusiast

3 years

Thanks a lot for sharing this. This guide is an eye-opener for businesses who assume "security in the cloud" as an all-inclusive offering from their Cloud vendor. Surprisingly, it is not the case. This guide clearly explains who is responsible for cloud security, between cloud providers and cloud users, and explores different approaches, tools and service models available for cloud security.
