How Secure are Cloud-Based Systems and Services – more precisely, security of the cloud-based platform?
Everybody considers themselves “cloud” because that’s the marketing buzz word. But whether it’s a hosting or truly a cloud service provider, we have to assume the security of the cloud-based platform is not secure.
There are two ways to tackle cloud security:
- Read Contracts: We need to look very closely at what that third-party contract for your cloud service says. Everyone thinks that when you put the data out there that the vendor is liable for it if it gets breached. They are not. They are contractually not going to write it that way. There is too much risk and liability for them, but what you can do?
- Set Up Security Tools: Every vendor is a little different; for instance, in Microsoft’s world I would be turning on all of the great security tools they have. I’d be spending quite a bit of time learning their security; it’s not easy, but they do help dial down the security of their environment. Amazon, same thing, but their firewall documentation is complex and you need to be an astrophysicist to deploy their firewall, so there are other techniques of how you secure an Amazon environment. Remember, they are not liable for a security breach, you are. So you need to set up those tools.
To hear more on this topic, listen to my podcast discussions with David Cross, now Dir. Of Cloud Security at Google and former General Manager in charge of Security:
- Google Cloud Security: End-to-End Trust and Transparency In Your Stack
- Insider’s Look at Microsoft Azure
Regardless of your title within IT Security realm, you will benefit from these conversations.
Please share this with members of your professional community. If you want to join the CIO Innovation Insider Community, email firstname.lastname@example.org to receive the latest updates on events, content, podcasts, and more!