Who is really responsible for cloud security?


By Lionel Snell
Editor, NetEvents

Discussions about cyber security used to be dominated by horror stories of recent hacks and technological promises to never let it happen again. A recent debate suggested that things are becoming more interesting – and maybe more scary.

At a recent NetEvents EMEA Press Spotlight, the question was raised of where final responsibility for security in the cloud lies. Analyst Rik Turner from Ovum was surprised how many people were not aware of the “Shared Responsibility Model”, which summarises three different ways of consuming cloud services – Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS) – and the relative responsibilities of the customer and the cloud supplier (see diagram).

In IaaS, for example, Amazon Web Services (AWS) takes care of all the grey bits, from Virtualization down to Networking. Above that, security is the customer’s responsibility. “You are not going to get any money back from them if you are breached because you didn’t secure those layers above,” said Rik Turner. Similarly, for PaaS you are responsible for security in the top two layers. “If anything goes wrong with any of that, AWS would have to refund some money, or whatever”.

The shared security model is clearly very important for any enterprise migrating to the cloud: the enterprise will have to take care of security in all the red bits. So these are the very parts provided for by security vendors to the enterprise…

