Cloud-based networks are considered to be particularly secure, resource-saving and, in times of remote work, the means of choice. However, anyone who believes that this completely removes them from security responsibility is mistaken. Cloud services are not a standard model for IT security. As is often the case in life, the same applies here: It all depends ...
In recent years, more and more companies have opted for a cloud-based network. This offers more flexibility in computing power and storage capacity, is efficient and reduces the workload on the IT department. However, between 2019 and 2020, the number of cyberattacks on cloud services has doubled, making enterprises with cloud environments among the most frequently attacked.
Nevertheless, the cloud is considered one of the most secure environments - but only if the particular security requirements are also met by the respective responsible parties. This is precisely what many companies are not aware of.
Cloud security is not sufficiently understood by many cloud computing vendor customers. In a recent survey by KPMG, only 10 % of customer CISOs reported full penetration of the model, and 82 % had security issues related to understanding the model.
The "shared responsibility" model essentially states that the cloud provider is responsible for security the Cloud (the protection of the infrastructure) is responsible, while the customer is responsible for his security in the Cloud (the protection of the self-used application software) bears the responsibility.
The individual security tasks depend on the cloud provider and the provisioning service booked. As a rule, the services include the protection
a) the physical infrastructure
This means that the physical data centers are located on the premises of the cloud company and fall entirely under its responsibility.
b) basic software components
These are required for the cloud functions and usually include the categories: Data Processing, Storage, Database and Networks.
The customer's responsibility for their security in the cloud means that their network, application and data security, operating system and firewall etc. are NOT protected by the cloud. are NOT protected by the cloud!
Most security vulnerabilities arise from incorrect configurations. This is no different in the cloud. In cloud models, providers and users are both challenged. Cloud providers do support IT security. However, customers cannot avoid a security concept and the necessary configurations. Depending on the cloud model, the responsibilities are divided differently. The distribution can vary from provider to provider.
Provider:
- Availability & security of the cloud infrastructure (virtual machines, hard disks, networks)
- Computing power, storage space, connectivity
- Provision of services and tools
Customer:
- Installation, configuration, security of operating systems, and software stack (for application execution and data processing) for example:
Platform, application, identity and access management
Client-side data encryption
File system encryption
Network traffic protection
Protection of services and communication
Provider:
- Availability and security of the platform (security updates, backups, databases)
Customer:
- Management of the implemented software
- Identity management (assignment and maintenance of roles and rights)
Provider:
- Cloud infrastructure and software stack
Customer:
- Secure configuration of the services
- Identity management (assignment and maintenance of roles and rights)
Shared responsibility:
- Firewall maintenance
- Patch management
- Configuration management
- Trainings ...
Many companies have made the switch to cloud computing in the course of remote work and believe that the security responsibility lies with the provider. But in many cases, this is a fallacy. A review of the chosen model is worthwhile here. In addition, an IT security analysis is the tool of choice to identify potential vulnerabilities, for example, due to misconfigurations, outdated applications, expired certificates, etc. The result provides the necessary transparency and ensures the security of the remote work. The result provides the necessary transparency and regularly ensures aha experiences.
Start an assessment right away? Click here for a free IT security assessment of your external IT landscape. Free Security-Rating
Identify and reduce your cyber risks through a comparable and understandable overview of your IT security. Let our experts advise you and find out how LocateRisk can help you solve your cyber risks.
English 
Deutsch 
Français