Cloud Security Is a Shared Responsibility

Published: 22/11/2024   Category: security




In the answer to a question from a recent webinar, editor Curtis Franklin looks at who's responsible for data security in the cloud.



Here at Security Now, webinars are interactive affairs. In our most recent webinar, we had some great questions, including a couple that we couldn't answer in the time allowed. Here's the first of the questions along with our answer for everyone in the community to see.
In our Look Forward to CyberSecurity in 2018, Gary asked:
If we are going to move more critical applications and the data accessed, produced and stored -- will encryption capabilities become critical? And would anyone really outsource this function to AWS? Many people think AWS and Azure are taking responsibility for your apps and data when you move them to the cloud -- are they really going to add this via their service offerings?
The question of who takes responsibility for your applications and data is a critical issue when moving to a cloud infrastructure. Cloud providers have tried to bring some discipline to the question of who's responsible for what through the shared responsibility model of security. Stated most succinctly, the model holds that the cloud provider is responsible for the security of the cloud infrastructure (including the services and applications they're contracted to provide) while the customer is responsible for the security of the data that runs through the infrastructure.
Amazon was the first major cloud provider to publish a formal statement of their policy on AWS. Their language draws a distinction between the security of the cloud and the security of what's in the cloud. It's a useful distinction that helps clarify the pieces that fall under each definition.
Image: Amazon AWS
Of course, Amazon has not been alone in drawing the distinction: Microsoft has also released information on the shared security model as applied to Azure. Google also has a paper explaining their security model, though it goes into more detail on the tools they provide to help customers with their responsibilities.
When you strip away all the explanations and jargon, the lesson to be learned in all of these papers and posts is that going to the cloud doesn't mean that you can forget about security. No cloud provider is stepping up to assume responsibility for your data's security -- that's still your job.
The fact that it's your job means that you may need to bring new tools and strategies to bear on data that no longer lives within the cozy confines of your network boundary. These tools, which range from micro-segmentation to CASB, should be deployed in consultation with your cloud provider so that you're certain neither of you is stepping on the other's toes in the name of security.
If you're interested in the other questions and answers from the webinar, as well as the editors' takes on the stories we're likely to be talking about in 2018, it's not too late to listen to the webinar. You've got time to ask your own questions, too -- just leave them as comments to this article or the next article answering questions from the event. And keep your eyes open for our next editorial webinar, coming to Security Now in January 2018!
— Curtis Franklin is the editor of SecurityNow.com. Follow him on Twitter @kg4gwa.