Cloud Security: Customer and Provider Share Responsibility

Cloud Security for customers

Cloud solutions have given a new perspective to the IT world by transforming the approach of managing data and business. Cloud has enabled organizations to streamline their business processes and work more efficiently in the field. But despite of all the privileges cloud offers, many organizations are still reluctant to moving their data and applications to the cloud environment.

Security is cited as one of the major obstacles to cloud adoption as end-users don’t have complete access over the infrastructure. However, cloud is a more secure option than in-house storage as the cloud service providers have the required skill set for the maintenance and management of the infrastructure than most of the in-house facilities.

The security solution for cloud comes in various layers such as physical security, best practices, security features such as firewall, antivirus and anti-malware software and so on. But there’s always this confusion around when it comes to cloud security, which is in particular who is responsible for security. Is it the service provider or the customer, who should be in charge? It depends on what cloud stack you are looking at.

Security responsibilities are divided

Relying completely on service provider for security is certainly not the right approach. Cloud service provider is surely responsible for offering security solutions to end-user, but that includes just a portion of it. The service provider is responsible for the security of the cloud, which means the physical infrastructure, networks, and storage, while the user is responsible of security in the cloud that includes data and applications and other services hosted within the managed cloud instance.

For example, a service provider will offer you network security that means protection against external threat and maintaining secure traffic flow. But the user is responsible for securing data and applications and their operating systems by encryption. In addition, users should also consider implementing data backup and disaster recovery plan.

So before you make the final decision, sit with your service provider and discuss what criteria they cover under their security protocol and what aspects of cloud instances is secured. Due to security and privacy concerns, many service providers have invested significantly in infrastructure security. But to compensate for what the cloud vendors do not provide, organizations must have access to the security tools to keep their data safe.