Security in the cloud is a contentious topic. It is also a vast and deep topic, so we can only scratch the surface here and provide links for further investigation and due diligence. In social media and various forum posts, it is quite common to see objections on security grounds to putting business workloads in the cloud. With all due respect to the posters, it is not clear if they are business persons or journalists out to scare people. Either way, it reflects a lack of understanding of an important principle of cloud security. AWS documentation refers to it as the “Shared Responsibility Model”.
The “Shared Responsibility Model” makes a distinction between “security of the cloud” and “security in the cloud”. The former is the responsibility of the cloud provider and the latter is the responsibility of the consumer or business that leverages the cloud. Both major cloud providers, Amazon and Microsoft, satisfy the most rigorous compliance requirements of Australian, US and European Government agencies. From that perspective, cloud infrastructure is considered to be safe. There is continuous monitoring worldwide, so any suspicious activity is picked up and quarantined fairly quickly. For a brief overview of compliance by the two cloud providers, please refer to the documents below. Alternatively, please do a Google search for “AWS compliance resources” or “Microsoft Azure compliance resources” and be prepared for an information overload.
From the perspective of compliance with the Australian Signals Directorate (ASD) security questionnaire, please see page 63.
Issues arise with the flip side of the coin in the “Shared Responsibility Model”. The consumer owns their own data and needs to preserve its confidentiality and integrity. The cloud provider provides the plumbing necessary to access the data securely, but it is up to the consumer to ensure that their business data is being accessed only by authorized personnel, and that the identity of those personnel is verified properly and has not been hijacked by malicious hackers. Problems arise when consumers do not make use of, or do not apply, the facilities provided. When information about such data breaches comes into the public domain, journalists obviously exaggerate the issue and blame the car for an accident, not the driver!
If you would like to learn more about how Nimble Kumulus can help you to ensure your business data is safe as well as secure and, more importantly, under your control, please Contact Us now.