Make Cloud Security a Shared Responsibility
Despite the business and technical advantages of cloud computing, many potential customers have yet to join in, and those that have implemented it still have reservations about moving all their valuable data to the cloud. As we all know, one of the top issues for organizations when it comes to handing over some of their IT capabilities to a third party is security.
Reliable technical security measures are the biggest challenge for cloud providers trying to persuade enterprises to adopt their solutions. Are providers open about the measures they implement? Are they entirely responsible and accountable for the measures? Do organizations know their role in the process? Do reliable tools translate into detailed procedures?
Consider Amazon’s whitepaper “Overview of Security Processes“. Experts have said it lacks crucial technical details about the security procedures. Some may say it is an issue of providers passing the bottom-line accountability for any data breach to customers. On the other hand, the providers’ statements about handling security indicate that the customers’ role is of major importance, and that they cannot rely exclusively on a provider’s tools.
To fight pre-implementation insecurity about cloud computing technology, organizations (large or small) must develop a strategic plan to evaluate applications, prioritize the security measures on business value, and create a risk profile. This assessment can allow cloud providers to offer advice and customized deployment to suit an organization’s security model. This seems to be the best way for cloud infrastructure providers to design their solutions to provide the visibility and transparency that organizations need.
I utterly believe that, for the cloud computing model to work, customers and providers need to share the risk. Although providers fear that more transparent technical details may invite scrutiny (and criticism) in some technical areas, customers must be continuously and deeply involved in the process and ask pertinent questions.
The ultimate responsibility resides with the organizations to hold cloud vendors accountable for a certain level of network security and remain responsible for their own data security. It is the customer’s responsibility to choose the appropriate solution and demand periodic security reports from the vendor, so the customer completely understands how its valuable data is stored and protected.
Photo source: https://www.sxc.hu/photo/1097903.