Cloud security is a hotly contested topic. For those who believe the cloud partner is solely responsible for securing data, they’re in for a rude awakening. In truth, partners are responsible for some cloud security issues, but there is a shared responsibility between the partner and the customer.
The Ponemon Institute looked into the issue in 2017 and found that 32% of those surveyed said they follow the shared responsibility aspect of cloud security, while 34% were evenly divided on the topic.
Sharing Responsibilities
There are a few different cloud service models that allow for a shared responsibility. These include Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).
When implementing an IaaS model, the partner will manage the facilities and data center(s). They will also be involved in managing processing and interfaces. However, the customer will have the responsibility of managing virtual networks, operating systems, data, middleware, applications, and virtual machines.
In the PaaS model, the partner is responsible for virtual networks, middleware, virtual machines, and operating systems. The customer is limited to managing data, applications, and interfaces.
In the SaaS model, the partner takes on all management responsibilities except data and interfaces.
As you can see, data is the responsibility of the client — always. Cloud security strategies must include backup plans, disaster recovery, and business continuity solutions. This is often tied to compliance issues, which spell out ways in which data, particularly that related to sensitive client information, must be protected.
Define Who’s Accountable for What
When you evaluate your partners, look at the various risk factors and how those risks are mitigated. Every security feature must be fleshed out and your clients need to know how to use them. Also, break down how responsibilities are divvied up in regard to cloud security protocols. Documenting all your internal controls can also help monitor your risks.
Before choosing a partner, you must be able to define exactly what your requirements are in regard to security, and prioritize each need. Also, if you’re going to migrate data to the cloud, you’ll need to know how that’s going to impact your policies.
Everyone’s role needs to be clearly defined before a contract is signed. This is the best way to ensure accountability.
To connect with a partner that you can trust, contact Cloud Source today. We’re focused on connecting our clients with the right technologies including those that provide clear and concise cloud security solutions. Don’t struggle to find the technology that fits your business needs — let us assist you.