Who is responsible for what?

Today we have several Cloud Service Providers (CSPs) like #aws, #gcp, #azure, and others, and the question of who is responsible for what comes up often, which creates some confusion.

Many people mistakenly believe that if their application is running in the cloud, all security concerns are automatically solved. #sadbuttrue This is a huge misconception: in reality we are responsible for a large part of what runs in the cloud.

Let's take a look at how AWS, Azure and GCP share the responsibility with us.

AWS

https://aws.amazon.com/compliance/shared-responsibility-model/

Azure

https://learn.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility

GCP

https://cloud.google.com/architecture/framework/security/shared-responsibility-shared-fate

By examining the shared responsibility models provided by these cloud providers, it's clear that the customer bears a substantial part of the responsibility.

Basically, CSPs are responsible for providing a secure foundation on which customers run their systems. However, each service within a CSP can work differently, so it's extremely important to understand the specific service before deploying it.

But here I want to focus on the customer's responsibility and highlight three key areas that I believe everyone must pay attention to:

1. Data: Customers are fully responsible for the data stored with CSPs. It's essential to classify sensitive data, establish a lifecycle management plan from creation to deletion, define cryptographic policies for data in transit and at rest, and determine who can access the data and how it is handled. These are just a few crucial points to consider when storing data within CSPs. Take care of your data as if it were gold.

2. Identity: CSPs are not responsible for managing who has access to your applications, services, or data! The customer is entirely responsible for identity management: deciding who can access what, when and how (SSO, users and groups, console, CLI, and so on). Broken access control and misconfiguration are among the top security issues and can lead to severe operational damage.

3. Application: Research, reports and security companies show every day that most security vulnerabilities are found in applications. It's the customer's responsibility to keep applications secure and up to date, following secure coding practices. If you have an on-premise application with thousands of vulnerabilities, migrating it to the cloud will not eliminate them; they will still be present. CSPs may provide security services that help alert, detect breaches, and sometimes protect the application, but it's up to the customer to ensure applications are designed and maintained securely.
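As an added example (not code from the original post) of what the customer's side of the model looks like in practice, here is a small Python check that audits constructed S3-style bucket snapshots for the data and identity points above: encryption at rest, TLS enforced in transit, a lifecycle rule, and no anonymous access. The bucket snapshots, account id and role name are assumed sample values, not data from any real account.

```python
# Added example, not code from the original post: a minimal audit of the
# customer's side of the shared responsibility model over constructed sample data.
BUCKETS = {
    "finance-reports": {  # weak configuration
        "default_encryption": None,   # nothing encrypts data at rest
        "block_public_access": False,
        "lifecycle_rules": [],        # no creation-to-deletion plan
        "policy": {"Statement": [{"Effect": "Allow", "Principal": "*",
                                  "Action": "s3:GetObject", "Resource": "*"}]},
    },
    "finance-reports-hardened": {  # corrected configuration
        "default_encryption": "aws:kms",
        "block_public_access": True,
        "lifecycle_rules": [{"Expiration": {"Days": 365}}],
        "policy": {"Statement": [
            {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:role/ReportReader"},
             "Action": "s3:GetObject", "Resource": "arn:aws:s3:::finance-reports-hardened/*"},
            {"Effect": "Deny", "Principal": "*", "Action": "s3:*", "Resource": "*",
             "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]},
    },
}

def allows_anonymous(policy):
    """True if any Allow statement grants access to the wildcard principal."""
    for s in policy["Statement"]:
        p = s.get("Principal")
        if s["Effect"] == "Allow" and (p == "*" or (isinstance(p, dict) and "*" in p.values())):
            return True
    return False

def enforces_tls(policy):
    """True if a Deny statement rejects requests sent without TLS."""
    return any(s["Effect"] == "Deny" and
               s.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport") == "false"
               for s in policy["Statement"])

def audit_bucket(cfg):
    """Return the customer-responsibility gaps found in one bucket configuration."""
    findings = []
    if not cfg["default_encryption"]:
        findings.append("data at rest: no default encryption")
    if not enforces_tls(cfg["policy"]):
        findings.append("data in transit: TLS not enforced")
    if not cfg["lifecycle_rules"]:
        findings.append("data lifecycle: no expiration rule")
    if not cfg["block_public_access"] or allows_anonymous(cfg["policy"]):
        findings.append("identity: anonymous access possible")
    return findings
```

Running `audit_bucket` over each entry in `BUCKETS` returns four findings for the weak bucket and none for the hardened one; none of these gaps is something the provider closes for you.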

So, bottom line: CSPs like #aws, #azure, and #gcp offer a large number of services, but the security of data, identities, and applications remains a customer responsibility. While the CSPs ensure the foundation is secure, the responsibility to protect what runs in the cloud falls largely on the customer. Understanding the shared responsibility model is critical to maintaining a secure cloud environment and avoiding vulnerabilities that could put your business at risk.


References:

https://aws.amazon.com/compliance/shared-responsibility-model/

https://cloud.google.com/architecture/framework/security/shared-responsibility-shared-fate

https://learn.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility

