Sharing the Responsibility for Cloud Security with Your Cloud Provider
If you are using the public cloud, your company is sharing common infrastructure with other companies. This concept of sharing is at the heart of the cloud model – you get access to advanced virtual server environments at a lower cost because you share this infrastructure with others. But in addition to these benefits, you are also sharing security risks. Your cloud provider has the responsibility of securing the physical and logical aspects of the infrastructure and operation system in the cloud environment. You can minimize some of your security risks by choosing the right cloud provider. However, in some cloud environments, you need to share security responsibilities with your cloud provider. For example, if you are using IaaS, you are responsible for the security of your virtual resources once they have been provisioned.
As described in the previous section, the cloud provides your business users with a greater level of control over their IT environment. IT users also have much greater control over provisioning IT assets. Without understanding the risk involved, users have the potential to easily provision images without providing the right level of attention to security. You need to manage resources provisioned in the cloud with the same attention to security as used in your internal data center. All users of cloud virtual machines need to understand that all provisioned instances must adhere to your company security standards.
After you have provisioned an image, you need to take responsibility for the patch management of that instance as well as additional images you create from that instance. For example, you need to keep up-to-date with vendor bulletins and apply required security updates, fixes, and patches to your software.
User ID request process
User ID approval process
User ID revalidation process
User ID revocation process
Password management guidelines
Password strength guidelines
If you fail to maintain the right level of security, your cloud provider may decide you are a poor risk and can refuse to provide you with services.
18.220.174.191