Public Cloud, Part of the Network or Not, Remains a Security Concern

Published: 22/11/2024   Category: security




Security in the public cloud is like asking who is responsible for securing your rented apartment – you or the building owner?



The public cloud is part of your network. But it's also not part of your network. That can make security tricky, and sometimes a nightmare.
The cloud represents resources that your business rents: computational resources, like CPU and memory; infrastructure resources, like Internet bandwidth and internal networks; storage resources; and management platforms, like the tools needed to provision and configure services.
Whether it's Amazon Web Services, Microsoft Azure or Google Cloud Platform, it's like an empty apartment that you rent for a year. You start out with empty space, put in there whatever you want and use it however you want. (See Security Spending Increasing, Along With Data Breaches.)
Is a seasonal rental apartment your home? That’s a big question, especially when it comes to security.
By the way, let's focus on platform-as-a-service (PaaS) and infrastructure-as-a-service (IaaS), where your business has a great deal of control over how the resource is used -- like an empty rental apartment.
We are not talking about software-as-a-service (SaaS), like Office 365 or Salesforce.com; that's where you show up, pay your bill and use the resources as configured. That’s more like a hotel room: you sleep there, but you can’t change the furniture. Security is almost entirely the responsibility of the hotel; your security responsibility is to ensure that you don’t lose your key, and to refuse to open the door for strangers. The SaaS equivalent: Protect your user accounts and passwords, and ensure users have only the least necessary access privileges.
Why PaaS/IaaS are part of your network
As Peter Parker knows, Spider-Man's great powers require great responsibility.
That's true in the enterprise data center -- and it's true in PaaS/IaaS networks. The customer is responsible for provisioning servers, storage and virtual machines. Not only that, but the customer is also responsible for creating connections between the cloud service and other resources, such as an enterprise data center -- in a hybrid cloud architecture -- and other cloud providers -- in a multi-cloud architecture.
The cloud provider sets terms for use of the PaaS/IaaS, and allows inbound and outbound connections. There are service level guarantees for availability of the cloud, and of servers that the cloud provider owns. Otherwise, everything is on the enterprise. Think of the PaaS/IaaS cloud as a remote data center that the enterprise rents, but where you can't physically visit and see your rented servers and infrastructure.
Why PaaS/IaaS are not part of your network
In short, except for the few areas that the cloud provider handles -- availability, cabling, power supplies, connections to carrier networks, physical security -- you own it. That means installing patches and fixes. That means instrumenting servers and virtual machines.
That means protecting them with software-based firewalls. That means doing backups, whether using the cloud provider's value-added services or someone else's. That means anti-malware.
That's not to minimize what the cloud provider does for you. Power and cooling are a big deal. So are racks and cabling. So is that physical security, and having 24x7 on-site staffing in the event of hardware failures.
Also, there's the click-of-a-button ability to provision and spin up new servers to handle demand, and then shut them down again when not needed. Cloud providers can also provide firewall services, communications encryption, and of course, consulting on security.
The word "elastic" is often used for cloud services; that's what makes the cloud much more agile than an on-premises data center, or renting an equipment cage in a colocation center. It's like renting an apartment where, if you need a couple of extra bedrooms for a few months, you can upsize.
For many businesses, that's huge.
But again, with great power comes great responsibility.
You've got to secure and test your resources, just like it's your job to make sure the doors and windows are locked on a rental apartment, and to engage an alarm service and video surveillance if you want that level of protection. It doesn't come with the apartment -- or with the cloud.
For examples of the responsibilities you have for securing PaaS and IaaS, and of where the service provider takes responsibility, there are documents from AWS, GCP and Azure. Consider those a starting point -- not a comprehensive list.
In short: The PaaS/IaaS cloud is part of your network.
Sure, know your cloud provider's service level agreements, but ultimately, it's your responsibility to protect your applications, your data, your customers, and your intellectual property. The cloud might move the money from CapEx to OpEx, but assume that security is 100% your responsibility. After all, it's your data, and your business, that's at risk if there's a breach.
To do otherwise would be a major, major mistake.

Alan Zeichick is principal analyst at Camden Associates, a technology consultancy in Phoenix, Arizona, specializing in enterprise networking, cybersecurity, and software development. Follow him @zeichick.
