Sharing the Responsibility for Cloud Security with Your Cloud Provider

Search in book...
Toggle Font Controls
Create new playlist

Name your new playlist

Playlist description (optional)
Sign In

Email address

Password

Forgot Password?

or

Continue with Facebook

Continue with Google
Sign Up

Full Name

Email address

Confirm Email Address

Password

or

Continue with Facebook

Continue with Google

If you are using the public cloud, your company is sharing common infrastructure with other companies. This concept of sharing is at the heart of the cloud model – you get access to advanced virtual server environments at a lower cost because you share this infrastructure with others. But in addition to these benefits, you are also sharing security risks. Your cloud provider has the responsibility of securing the physical and logical aspects of the infrastructure and operation system in the cloud environment. You can minimize some of your security risks by choosing the right cloud provider. However, in some cloud environments, you need to share security responsibilities with your cloud provider. For example, if you are using IaaS, you are responsible for the security of your virtual resources once they have been provisioned.

As described in the previous section, the cloud provides your business users with a greater level of control over their IT environment. IT users also have much greater control over provisioning IT assets. Without understanding the risk involved, users have the potential to easily provision images without providing the right level of attention to security. You need to manage resources provisioned in the cloud with the same attention to security as used in your internal data center. All users of cloud virtual machines need to understand that all provisioned instances must adhere to your company security standards.

After you have provisioned an image, you need to take responsibility for the patch management of that instance as well as additional images you create from that instance. For example, you need to keep up-to-date with vendor bulletins and apply required security updates, fixes, and patches to your software.

Having an inadequate identity management process opens up vulnerabilities that can impact the security of your environment. You can also put other customers of your cloud provider at risk if you have a weak identity management process and create vulnerabilities and open points of entry for hackers. You will need to have a process for:

User ID request process

User ID approval process

User ID revalidation process

User ID revocation process

Password management guidelines

Password strength guidelines

If you fail to maintain the right level of security, your cloud provider may decide you are a poor risk and can refuse to provide you with services.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.

Table of Contents for Sharing the Responsibility for Cloud Security with Your Cloud Provider

Create new playlist

Sign In

Sign Up

Table of Contents for
Sharing the Responsibility for Cloud Security with Your Cloud Provider