When it comes to cloud security, organizations can be their own worst enemy. Gartner predicts that, through the year 2022, at least 95% of public cloud security incidents will be the result of the customer’s own misconfiguration.
With migration to the cloud becoming more and more commonplace, it truly is critical that organizations understand how operating in the cloud can impact their security requirements.
Differences between private and public clouds
When cloud technology first emerged, one of the main hesitations for migrating workloads to public cloud platforms was the security capabilities to protect data. Many believed that – because they had greater control over their private cloud networks, hypervisors and services – data would be inherently safer on-premise than it would be in a public cloud.
Today’s public cloud providers consist of a handful of technology giants that have invested heavily in infrastructure and offer a variety of value-add services, such as diagnostics, customized aggregation of multiple cloud services, and the incorporation of more-mature REST APIs. Private cloud providers, on the other hand, are generally smaller in the size of their business and the breadth of service offering. But – make no mistake – both cloud models have their advantages.
For organizations that want to cut or control expenses, the public cloud is generally the better option and one of the easiest ways to reduce operational costs. For organizations with stringent compliance or regulatory requirements, private clouds are better equipped to support their needs with a wider range of protections and higher levels of control over the network.
The other major difference between the two and, perhaps, the most important, is the responsibility for network security.
Who’s responsible for keeping clouds up-and-running and safe?
Security in public vs. private clouds differs in some fundamentally significant ways. In the public cloud, security is a shared responsibility. Cloud service providers (CSPs) are responsible for the physical security and operations of their data centers, including perimeter security, security staffing, surveillance, hypervisor management, access control policies, networking, hardware, data aggregation and computing capabilities, and much more. CSPs also maintain their own globally distributed and available networks of services, edge locations, and database services.
Anyone who has built or operated a data center knows that these undertakings are not trivial. In addition, CSPs invest enormous sums into the integrity and security of their platforms. In many ways, most of us can’t compete with their level of investment when it comes to securing our own data centers.
If you’re a tenant of a public CSP, the most important thing to understand is where the CSP’s responsibilities end and yours begin – to know what gaps you need to fill and what security benefits you gain. For example, encrypting data in-transit and at-rest is up to you. This is especially important because, according to the Open Web Application Security Project (OWASP), not encrypting sensitive data is one of today’s most common security flaws.
As a public cloud customer, you’re also responsible for keeping your operating systems patched, managing firewall rules for your cloud regions and accounts, and securing the configuration of any platforms you operate. Perhaps most important of all, identity and access management (IAM) remains your obligation entirely.
It’s important to note that many of these responsibilities still apply in private clouds. Depending on the private cloud provider, the shared responsibility model might still apply. If you’re managing your own data center operations, you’ll be expected to take on all security responsibilities and secure the same resources that cloud providers do.
What’s different about the AWS Public Cloud?
In a word: Totality. The AWS Public Cloud offering is unique in terms of both its maturity and the breadth of its security services. While Microsoft Azure is known for its strong service-compliance portfolio, and Google Cloud Platform for its very innovative security services, many cloud customers choose AWS for its combination of thoroughness, pervasiveness, partner ecosystem, and service maturity.
AWS was founded in 2004 and, in 2006, was the world’s first provider of public cloud services. Today it operates in 190 countries and supports over a million active customers, from individuals and small start-up companies to governments and some of the largest organizations in the world, including Adobe, Comcast, Dow Jones, and PBS (to name just a few).
AWS has a history of quickly deploying new services that are maintained by AWS or the original developer. As a result, AWS’s portfolio of functionality tools is continually and rapidly expanding. Its robust Partner Network also includes professional firms that work directly with customers to help them design, architect, build, migrate, and manage their workloads and applications on the AWS cloud.
Finally, when it comes to security, multiple compliance certifications and adherence to privacy laws from around the world have made AWS the trusted CSP of “weak-links-are-not-an-option” organizations like Nasdaq, Dow Jones, HealthCare.Gov, and others.
Armor is proud to count itself among the very few companies selected by AWS to support its security and compliance operations. Our credential is one that’s awarded only to providers that have demonstrated technical expertise and proven customer success in this area. As an AWS Partner, we relieve AWS customers from the financial and operational requirements of the shared responsibility security model by protecting their AWS-hosted data with the highest levels of protection, compliance, and transparency. By eliminating their need for additional security headcount or investments in security tools, we’ve helped many AWS customers significantly reduce the costs associated with their cloud security responsibilities. AWS Advanced Security Competency Partner credential is one that’s awarded only to providers that have demonstrated technical expertise and proven customer success in this area. As an AWS Partner, we relieve AWS customers from the financial and operational requirements of the shared responsibility security model by protecting their AWS-hosted data with the highest levels of protection, compliance, and transparency. By eliminating their need for additional security headcount or investments in security tools, we’ve helped many AWS customers significantly reduce the costs associated with their cloud security responsibilities.
A Cumulo-Nimbus of Confidence
AWS has not only been a leader in cloud technology, it’s been a role model in the development trust. In addition to the professional-firm partners previously noted, AWS maintains a comprehensive library for customers on its website with documentation and tutorials for getting started with AWS and getting the most out of its service. The company is quick to share best practices, emerging risks, and lessons learned, and it maintains active blogs about cloud architecture, security, and the responsibility model.
If AWS dominates the public cloud marketplace by a wide margin, there are plenty of good reasons why. Of course, the market will continue to grow, and other players will certainly enter the field. But even though AWS secured a big lead by being the first, resting on its laurels does not appear to be a part of its operation code.