COVID-19 has changed the dynamics of operating a business globally by transforming the traditional workplace. Working from home with a virtual office setup and holding meetings via video conferencing tools are the new normal. This makes cloud computing more widely used, so organizations need to focus on hardening their security. In the case of the public cloud, there is a shared cloud security responsibility between the Cloud Service Provider (CSP) and the user/client (organization/individual). Security is an absolute necessity for owners’ network controls, data classifications, and physical security. This division of responsibility for providing security to the cloud is known as the Shared Responsibility Model for cloud security.
The Shared Responsibility Model is considered a fundamental concept of cloud computing. Whether you are using SaaS, IaaS, or PaaS, it is an essential part of the mix as it states where the roles and responsibilities of cloud providers end and clients begin. Organizations can only fully utilize the benefits of cloud migration when they understand and execute this model properly for securing the data.
The cloud provider and the client (organization) each have designated roles to fulfill. Cloud providers are responsible for securing the infrastructure they provide. This includes securing the data center, virtual platform, and network. The cloud provider also needs to monitor the system assigned to them for any security events, while the client (organization) is responsible for securing their data and applications. This includes data encryption, access control, design, and secure application integration. The client also needs to monitor the system assigned to them for any security events.
The Shared Responsibility Model may differ depending on the cloud service the client is using, such as IaaS (Infrastructure as a Service), SaaS (Software as a Service), or PaaS (Platform as a Service). It is said that approximately one-third of the organization’s critical applications use SaaS, IaaS, or PaaS instead of on-premises infrastructure. According to Gartner’s report, the market for IaaS grew by approximately 40% in 2020.
Source: Microsoft
PaaS provides a cloud platform service. It gives developers a platform or framework and tools to design apps or software. In addition, it offers its clients more access to servers, networks, and storage.
IaaS is a cloud infrastructure service that allows organizations to purchase resources directly rather than investing in and maintaining their own infrastructure.
SaaS is a cloud application service, one of the most popular services in the cloud industry. It allows people to access software or applications over the internet via subscription. These services are designed so that people can use them from anywhere at any time, eliminating additional downloading and installation.
SaaS assigns most of the responsibilities to the cloud service provider rather than its client. In contrast, with PaaS and IaaS, the client has to take on more responsibility, and the burden on the cloud provider is relatively lighter.
It is essential that an organization practice proper cyber hygiene, as it is the first step towards cybersecurity. In addition, various cloud security services will help the organization improve its defense against multiple cloud threats and risks.
Varutra offers cloud security services like Cloud Vulnerability Assessment, Penetration Testing Services for application and information systems in the cloud, and Cloud Security Audit, which determines the security and effectiveness of the controls.
Here are some best practices that an organization should follow while practicing the Shared Responsibility Model. This way, they can keep their data and resources secure in the cloud.
Source: PurpleSec
The cloud provider and the client are each responsible for protecting their respective part of the cloud system. They need to ensure that it is appropriately configured and that appropriate security controls are in place, and they need to monitor their designated areas in the system for security events. It is suggested that an organization reduce complexity wherever possible, work on its security policies and workflow automation, and build situational awareness and visibility, as this strengthens the cloud security program.
Author,
Sanjana Yadav,
Marketing Department,
Varutra Consulting Pvt. Ltd.