Elevity Services

READY TO ELEVATE YOUR TECHNOLOGY?

Gain a deeper understanding of how Elevity’s approach to technology management will impact your organization.

About Elevity

Elevity is one of the largest and most capable technology management providers in the Midwest. Our team of technology experts can help you reach a truly elevated level of IT strategy, security, solutions and support.

A division of

GFC-2021-Logo_Blue

NEXT EVENT: FEBRUARY 3

How to Insure Yourself Against a Cyberattack

Learn more →

support-icon
map-icon

Headquarters

2675 Research Park Drive
Madison, WI 53711

A division of

GFC-2021-Logo_Blue

Cloud Security – Who's Responsible?

Peter Niebler
09/19/2016
gray-wave-full
Facebook LinkedIn Twitter Email

It’s a ubiquitous question posed to every Cloud Solution Provider – and so are the corollaries that follow:

  • Will you guarantee that my data won’t be hacked?
  • If it’s safe, then why won’t you accept liability for it?

To those considering a seismic shift from on-premise servers to Cloud hosting, these questions are simple, logical and not at all inconsistent which one another. Daily news stories, including the recent DNC Wikileaks hack, heighten awareness and concern.

At the heart of these questions, however, is a fundamental misunderstanding – Customers remain responsible for the security of their own data in the Cloud.

Cloud hosting subscribers typically believe that once data is uploaded to the Cloud, their responsibility for security is absolved and shifted to the provider. Amazon Web Services prepared the graphic above to illustrate that this is not the case. It details the distinction between security “in” the Cloud and security “of” the Cloud.

Security “In” vs “Of” the Cloud

While the specifics between Cloud providers may vary slightly, the concept remains the same:

  • In” the CloudCustomer Responsibilities
    1. Access control to all components, applications and data
    2. Configurations of operating systems, networks, firewalls and remote access
    3. Encryption at rest, in transit, at the client and on the server

In most cases, the Cloud solution provider does not have direct access to the internal applications or operating systems on hosted instances. So these items fall to the customer.

  • “Of” the CloudCloud Provider Responsibilities
    1. Access control to physical facilities, components and connections within their network
    2. Configurations of locations, clustered facilities and website edge resources
    3. Certification audits including SOC, FedRamp, HIPAA, and others
    4. Certified destruction of abandoned storage disks

Security in the Cloud is a partnership. The advice I give customers? Treat your hosted Cloud servers with the same or greater attention to security details as you would for an on-premise server.

Subscribe by Email