When it comes to public cloud adoption, the benefits are clear - business agility, scalability, and cost savings just to name a few - but the grey area of security is still acting as a barrier for users who haven't made the move yet.

The problem with security in the cloud is that most Cloud Security Providers (CSPs) follow the practice of shared responsibility, meaning that some areas of your security duties will fall under the responsibility of the CSP to secure, monitor and update, but some will remain the user's responsibility. This leads to some confusion over where certain responsibilities fall, with users mistakenly leaving areas vulnerable that they believed would be protected by their CSP - which is why we are using this blog to outline the Shared Responsibility Model that most accurately reflects the security offerings of most cloud providers to offer some clarity for those looking to make the move.

 

Shared Responsibility Model

The following image is the best representation of the Shared image745Responsibility Model followed by most providers, showing how
these duties are allocated differently between IaaS, PaaS, and
SaaS - despite the differences between these, it's important to
note that data is always the responsibility of the customer across
the board.

Another easy way to remember your duties is the rule that
Security "OF" the cloud is the responsibility of the CSP, and
Security "IN" the cloud is the responsibility of the user.

Security OF the cloud mainly revolves around protection of the infrastructure, physical security of the cloud, and disaster & incident response - security IN the cloud covers essentially everything else, but most notably includes the management of customer data, access control, application security, and network traffic.

This means, for example, that it would be the CSP's responsibility to prevent or respond to an attempt of a brute-force attack as, although this relates to access control, it would still be a compromise of physical security - an attack trying to gain access through compromising online accounts, however, would be the sole responsibility of the cloud customer.

 

Full list of the cloud customer's usual responsibilities:

Shared Responsibility duties

 

Best Practices

Looking at the long list above, it's clear that cloud providers leave the majority of security duties with the customer, but that doesn't mean you have to manage all of these areas alone - 57% of organisations have already invested in some kind of third-party security solution to compliment their cloud environment, allowing their IT team more time to focus on specific areas instead of having to spread their time and energy across so many different tasks.

There are a multitude of options when it comes to third-party security solutions for the cloud, and your choices surrounding this should be dependant on the unique needs of your company or industry, but to offer some general guidance we have listed below some of the key features you should look out for to make your cloud security management simple & effective.

 

  1. Centralised Management
    The ability to manage various security solutions and features from a single unified platform gives users improved visibility across all devices, applications and other points of entry; saving time, improving insights gathered, and generally benefiting the overall workflow.
    Available with Barracuda Cloud Control
     
  2. Data Encryption
    From email encryption to encryption of specific databases and removable devices - encryption is an essential feature for preventing unauthorised users from accessing confidential data without the required decryption key. 
    Available with Office 365 Essentials and Managed Email Security
     
  3. Multi-Factor Authentication
    Introducing an extra level of authentication reduces the risk of malicious users gaining access to password protected apps and platforms by challenging them to further prove their identity beyond standard credentials - this usually involves a unique code sent to a trusted device or account.
    Available with Web Application Firewall and Barracuda Cloud Control
     
  4. Cloud-to-Cloud Backup
    While SaaS and cloud-hosted environments are great for preventing natural and mechanical failures effecting valuable data, human-caused data loss is still a huge risk. Barracuda's Cloud-to-Cloud backup solution for Office 365 protects Exchange Online mailboxes and OneDrive for Business files and folders from data loss.
    Available with Office 365 Essentials
     
  5. Advanced Threat Protection
    A multi-layer defence solution that pre-filters potential threats like ransomware, protecting all major threat vectors including email, web applications, mobile devices and the network perimeter - all without compromising network performance or security policies.
    Available with Cloud Gen Firewalls, Web Application Firewall and Office 365 Essentials