Despite the rise of cloud security breaches, enterprises fail to understand the need to implement a future proof cloud security solution. Two questions we are constantly asked are:
While these questions seem fairly simple and straightforward, to answer them is NOT!!!
It is highly important that the enterprises adopting the cloud are familiar with the shared responsibility of security that is a standard across all the cloud providers. Cloud providers are responsible for security “of” the cloud while security “in” the cloud is the responsibility of the enterprise.
The cloud provider protects the underlying infrastructure of the cloud from vulnerabilities, intrusions, fraud, and abuse, and provide its customers with adequate security capabilities.
However, it is the customer’s responsibility to ensure that they make the most of these security capabilities. Eg: In the case of AWS, it is the customer’s responsibility to enforce necessary access control policies using AWS IAM, configure Security Groups, enable CloudTrial, etc.
All the cloud service providers offer their own native security tools that can be easily configured and deployed. These tools normally reside within the same console as the infrastructure services and hence the tool can be easily used.
For an organisation with very minimal security aspirations, such a tool works perfectly. However, for an organisation that has great security aspirations and operates in a regulated industry such tools are not effective.
The native tools offered by the cloud providers are more of a feature than tools. They do not offer the depth of coverage that a tool like Cloud Control offers. Their capabilities are very superficial.