Cloud services are often a great number of advantages, but also concerns. Despite many assurances from the cloud provider, there is always a grain of probability that our data is at risk. Is the level of security offered by cloud providers too low or are other factors influencing the level of security?
It’s hard to answer this question if you don’t have enough knowledge on the topic of security and responsibility sharing in the cloud. Not surprisingly, unfamiliarity with the topic deters users from choosing cloud computing as their primary infrastructure for operations. Today’s post I would like to focus on the factors that are responsible for keeping our data in the cloud as secure as possible.
The biggest mistake of users moving to cloud computing is the idea that they won’t have to worry about anything anymore, everything will happen automatically. The cloud is, after all, an external service, so total responsibility should be borne by the cloud provider. Unfortunately, this assumption misses the mark. As in the case of building an infrastructure based on classic hosting services (dedicated servers, VPS), only the proper architecture of the solution and the correct configuration of services provide us with security and continuity of operations.
The first rule we should familiarize ourselves with before using cloud services is the principle of shared responsibility. These are rules that inform us about the division of responsibilities – from the cloud provider’s side and ours – the user’s side.
Amazon Web Services has released detailed information related to responsibility sharing. Safety and compliance is a shared responsibility between two parties. Service providers, i.e., Amazon Web Services, which implements and operates measures related to the very cloud security and customer, which, when deploying and operating various types of cloud computing assets, has a duty of care to the appropriate selection of services and, more importantly, their configuration. And in order to do this, we need to have competence inside the organization or support ourselves with external specialists.
The common model aims to reduce customer liability. Amazon Web Services controls the virtualization layer as well as the physical security of devices a using higher level services like operating system components or even platforms in the FaaS (Lambda) model. The service provider assumes all responsibility related to the operation of the infrastructure, which includes hardware, software, network and equipment. The supplier must provide an efficient environment and services.
The client’s responsibility is determined by the client himself. It formulates itself when it selects the services it will use. Responsibilities vary depending on the services, connection to the IT environment and applicable regulations, so it is important that the choice is well thought out. First of all, the customer should configure the services with respect to security. To illustrate, I will show examples on two of the most popular AWS services. Deciding on Amazon EC2, which is infrastructure as a service (IaaS),
customers are responsible for managing the operating system, software and installed firewalls in the instances. The second most popular service is Amazon S3 – in its operation, the customer will be responsible for managing data, classifying resources and setting permissions from IAM tools.
Amazon Web Services is releasing content on an ongoing basis regarding not only new services, but also security. The latest update is from January of this year. In it we can find a scheme of differentiation of responsibility, which describes exactly which elements which party is responsible for.
By taking care of and following the principles of cloud services, we can create an integrated, optimal and flexible environment that provides us with the highest level of data security. Everything depends on our actions.