Join Mike Chapple for an in-depth discussion in this video Who is responsible for security in the cloud?, part of Insights from a Cybersecurity Professional.
- Well, security in the cloud is a shared responsibility between the cloud provider and the vendor. I think one of the most important things to do when you're having a conversation like this is to be specific. And the term cloud itself is often a little too general for this type of conversation. When you think about the types of cloud services that are available, there's really three main categories. You have infrastructure as a service where a cloud provider is offering the basic building blocks of infrastructure. Servers, storage, those sorts of things.
Platform is a service where the cloud provider is providing an application platform that you can run your own code on top of. And then software is a service where the cloud vendor is actually providing an entire application for you to use. Security responsibilities shift as you shift between those different models. In all three cases, it follows a shared responsibility model where the vendor has some of the responsibility, and the customer has other responsibilities. On the infrastructure as a service side, more responsibility lies with the customer.
The vendor has to make sure that the physical security is taken care of, and that the basic platform is secure. But then the customer's building servers and putting things in storage on top of that, so they need to make sure that that's all done in a secure manner. When you shift over to the other side of the spectrum and you have software as a service, now the vendor is responsible for a lot more, because they're managing all the way up the stack through the application. So they have to make sure that that is all implemented securely. And the customer's responsibility is typically limited to controlling what information is put into that cloud service in the first place, and then maybe you're dealing with access permissions and a few user configurable security related settings.
So the responsibility shifts back and forth.
- How does one break into the cybersecurity field?
- What are the various career tracks?
- How do organizations prevent a security breach?
- What are the compliance issues?
- Who is responsible for security in the cloud?
- How does IT security impact other business divisions?
These are the kinds of insights that can help you explore a new career, focus on a course of study, or even prepare for an interview.