Cloud security is a shared responsibility between the cloud end-user and the vendor. Your cloud vendor will make sure that you have what you need to run applications on the cloud, but the vendor won't take security responsibility beyond what they promise in the agreement. As the end-user, you should take the necessary steps to secure your cloud environments and workloads. Anything the vendor does not take responsibility for is fully yours to protect.
Your share of responsibility depends on the cloud service model that you have chosen. To know more about it, read our blog on the Shared Security Model.
Let us understand in brief what your vendor is responsible for depending on the model you have chosen.
- IaaS: Your cloud service vendor is responsible for securing just the infrastructure. As an end-user, you are responsible for the data, applications, user access, middleware, network traffic and operating system.
- PaaS: Your vendor is responsible for securing the infrastructure, operating system and network traffic. You are responsible for the security of software testing and deployment environments.
- SaaS: Your cloud vendor manages the infrastructure, applications and serverless security features. You are responsible for protecting your data and user access.
Your responsibility as an end-user of the cloud
Whatever cloud service model you select, you will always be responsible for securing certain types of workloads. Keep in mind the following points to ensure maximum security of your cloud environments.
- Evaluate default settings.
Your cloud vendor will set some settings by default, but you may have to change a few of them manually depending on your cloud needs. You need to have in place a set of security policies that best suits your organization's needs. It is always better to prepare beforehand than to assume that your vendor will take care of certain aspects of your cloud security.
- User authentication for data access is a must.
You have to protect your data on the cloud by providing proper user authentication. It should be password protected. Also, you need to select password rotation and expiration policies as per your needs.
- Set proper user privileges.
Setting the right access to the right user goes a long way in protecting your sensitive data. Use Identity and Access Management (IAM) controls to ensure all identities have access to the data they need to do their job.
- Always update your cloud software.
Depending on the cloud service model you chose, your vendor may provide infrastructure and inbuilt applications or a cloud-native firewall or maybe something else. Other than this, whatever you add is your responsibility.
You need to ensure that you apply security patches and update the OS and other software on time. You can even enable auto-updates to prevent backlogs.
- Separate your resources on the cloud.
You can isolate your administrator accounts for deployment, testing, development and others. That way, you reduce the possibility of attackers taking full control of your system. If an attacker gets access to one account, they won't be able to access any other account.
- Understand the data retention policies of your cloud vendor.
You must have multiple copies of your data. You should know the answers to questions such as: What will happen if you delete your information from the cloud? Will your cloud vendor still have access to it? Can that data get cached at some location? It is necessary to have a fixed retention period.
- Have security policies and best practices in cloud images.
It is good practice to build cloud images with security tools and policies already applied to them. DevOps teams can use these images to create instances and work on them. That helps prevent policy discrepancies.
- Never take it for granted that your cloud data is safe.
Your vendor may or may not provide encryption services before upload. Hence, you have to make sure to encrypt all your data using your own keys.
Your cloud provider will do what it can to protect your resources in the cloud. But that is not sufficient. You have to take responsibility for the security of your cloud.
Technosprout provides customized cloud security solutions to protect you from all types of cloud-based attacks. Take our free assessment test to get to know the health of your cloud. Contact us and our executive will get in touch with you shortly.