Frequently asked questions about cloud security
The cloud can be overwhelming, especially if you don’t know where to start. View our cloud security essentials FAQ and overcome your cloud-based confusion.
Shared responsibility refers to a general framework outlining agreed-upon separation of security and maintenance obligations between providers and their customers. Created by cloud service providers, this framework outlines responsibilities that are typically split in such a way that service providers are only accountable for securing and maintaining cloud infrastructure while the customer is responsible for the security and management of their data and applications.
Along with cost, ease of use and reliability, understanding a provider’s shared responsibility model is a critical distinction when selecting cloud services – especially since that choice may impact the ability of an organization to pass compliance audits and assessments.
There’s a common misconception that public cloud providers handle all aspects of your cloud environment – including security for your data and applications. While it’s true they handle much of the heavy lifting, they’re only responsible for securing the infrastructure supporting the cloud – you’re still responsible for managing your data and applications.
This misunderstanding not only places your compliance at risk, it also leaves your critical data exposed to compromise if integral aspects of your cloud security are unaccounted for.
Confusion about shared responsibility is an industry-wide issue with long-lasting effects. In fact, Gartner predicts that customers, not providers, will be responsible for 95% of cloud security failures through 2020.
With so much to lose (revenue, productivity and reputation), it’s critical that every organization understand their responsibility in the cloud.
We recommend that you ask your cloud services provider for their shared responsibility matrix to learn what they cover.
In 2016, more than one billion records were compromised in security breaches. The individual cost of a data breach is enormous. Data breaches not only put your customers’ information at risk, they can threaten your reputation and the hard-earned trust of your customers. And that’s before accounting for insurance payouts and regulatory fines after a breach.
An effective security program that constantly monitors and manages access to your cloud environment is essential for protecting against threat actors and preventing costly and damaging data breaches.
It could be the difference between success and devastating failure in the cloud.
A Security Operations Center (SOC) is the nerve center of your security program. Staffed 24/7/365 by security analysts configured in multiple teams based on discipline, a SOC monitors and scrutinizes network activity using security technologies. This continuous monitoring allows for rapid response to anomalous activity and coordinated mitigation when network- and machine-level threats are detected.
While seemingly similar, these two cyber security terms differ based on their levels of severity:
Compromise: A “compromise” suggests that an unauthorized user (typically, but not always, a threat actor) has accessed your system, but data has not been exfiltrated (i.e. removed from the network).
Breach: A “breach” implies that critical data has been accessed, stolen and has the potential to be released or used maliciously.
Both compromises and breaches must be taken seriously, but the consequences of a breach can be far more severe. In addition, breaches require the company to follow reporting procedures to notify required regulatory organizations and customers.
Managed Security is a broad term for the management of your security posture by a 3rd-party security provider, like Armor.
The biggest benefit of relying on a 3rd-party security provider is offloading work that is complex, specialized, time-consuming and expensive – especially when considering the costs of full-time security staff.
A managed security provider delivers hands-on, 24/7/365 threat prevention, monitoring and response – powered by an expertly staffed and supported SOC. This service is designed to extend the team of in-house IT or InfoSec personnel responsible for security while also eliminating the need for DIY security tools.
At Armor, “managed” extends beyond defending cloud-based instances to also include compliance support (HIPAA, PCI, GDPR, etc.). Armor customers benefit from inherited compliance controls and access to the compliance expertise in our security operations. This streamlines audits and assessments while also allowing for continuous compliance through security-driven best practices.
The term do-it-yourself (DIY) security tools refers to ad hoc or piecemeal security software or tools that organizations can purchase and implement without sustained assistance from a third party (i.e. service provider).
Organizations seek these solutions for their cost effectiveness and quick implementation. However, while DIY tools are cost-effective in the short term (alleviating the need to build a robust and expensive in-house security program) they require hands-on configuration and management to ensure long-term effectiveness. Without proper implementation, these disparate tools and solutions won’t reach their full potential and may – ironically enough – create additional vulnerabilities for your environment.
And that’s if you’re even able to select the correct software or tool for your needs. The cloud security marketplace has been flooded in recent years with a plethora of offerings, causing confusion for organizations seeking to develop in-house security programs.
At Armor, we reduce the challenge and the need for DIY-based security programs. We deliver both talent and best-of-breed tools for organizations in the cloud – reducing the need to handle all security aspects in-house.
Dwell time refers to the time between when a threat actor enters a system and when that threat actor is detected or expelled. Obviously, the more time a threat actor spends on a network, the more data is potentially compromised.
That’s why continuous monitoring is crucial. The sooner a threat is detected, the sooner action can be taken to expel the threat actor. In addition, you want to have a plan in place before threats happen so the time between detection and action is as low as possible.
Armor currently boasts a dwell time 100x faster than the industry average. It’s one of the many ways we deliver industry-best security outcomes for our customers.
There are three different types of clouds: Public, Private and Hybrid.
In the public cloud model, storage and applications are provided online by service providers like Amazon Web Services (AWS) and Microsoft Azure. The service provider bears the burden of hardware, housing and maintenance while the customer is responsible for their data and applications.
Because they’re based entirely online, public clouds are inexpensive and easily scalable, making them a good choice for companies of all sizes. However, public clouds lack the ability to customize your solution and, on their own, present some security challenges as you are essentially handing over your sensitive data to a faceless stranger with servers in some remote location and sharing those resources with many other people and organizations.
Your public cloud provider will secure the data center, physical servers and cloud management platforms, but you’re still responsible for the most sensitive elements, including data, operating systems and applications (see Shared Responsibility).
In the private cloud model, the cloud environment is used by only one business, and the infrastructure is usually purchased, maintained and housed by that organization, although there are service providers that offer private cloud hosting.
Private clouds offer more control and customization and more robust security than public cloud options. However, private clouds tend to be expensive and lack the scalability offered by public cloud providers.
Securing your private cloud requires establishing physical access controls, including a log of who enters that data center and when. In addition, it’s critical to update the physical hardware of your data center as technology advances and threats evolve.
In the hybrid cloud model, an organization uses a mixture of both public and private clouds.
Hybrid clouds offer the best of both worlds, with the obvious benefit being that a business can evaluate its needs and take advantage of the best parts of public and private clouds while avoiding the challenges of each. For example, an organization can choose to host only its most critical data on on-site infrastructure but utilize a public cloud for less-sensitive information. There’s also the opportunity to host an application on a public cloud, employ multi-factor authentication for users and allow access to data on a private cloud.