Explaining the Shared Responsibility for Security in the Cloud

Posted by Nidhi Savla on Sun, Mar 17, 2019 @ 09:00 AM

When it comes to cloud security, a lot of companies are in the dark. Ideally, the public cloud operates under a shared security model. This means that cloud customers take care of some aspects of security, while cloud providers take care of others. Unfortunately, this is not universal knowledge – according to research from Check Point, one-third of all IT professionals fundamentally misunderstand this premise, believing that all security should be handled by the cloud provider.

Let’s unpack this – what does the shared responsibility model mean, and how does it apply to you?

The Three Tiers of Shared Responsibility

There are three major types of cloud service, and therefore three variations on the shared responsibility model:

  1. Software as a Service (SaaS)

Where software as a service is concerned, customers have very little to do. Here, your vendor is providing the infrastructure – the physical servers and switches supporting the application – plus the application stack – the operating systems that support the application – and finally the application itself. All that customers need to protect is the integrity of their user accounts. This means protections such as ID and access management that prevent unauthorized users from seizing control of the application.

  2. Platform as a Service (PaaS)

PaaS companies largely concern themselves with supporting developers. Developing an application is complicated, requiring vast nested sets of operating systems and runtime environments. Therefore, the PaaS company provides these environments (the application stack) as a service, along with its infrastructure.

PaaS customers must provide all the security that they bring to the table for a SaaS environment, while also securing the applications that they’re building or installing. This means that they must both authorize and authenticate users while preserving the integrity of the application itself, protecting sensitive customer information that may be stored within it, and providing two-factor authentication.

  3. Infrastructure as a Service (IaaS)

This is the classic cloud model, in which cloud companies secure the servers and switches that make up the cloud they’re providing. Everything that the customer installs on top of the IaaS platform is their responsibility.

Securing the Cloud isn’t just a Shared Responsibility – It’s a Large Responsibility

As it turns out, even the most forgiving version of the shared responsibility model requires a large investment in security from cloud customers. For SaaS clients, using an IAM (Identity and Access Management) solution to manage their users and protect their accounts from hijacking still represents a large investment in security, and PaaS and IaaS customers have even more to contend with. Add to this the fact that most companies suspect their users are unaware of what it takes to protect the cloud, and you have a recipe for disaster.

With BIOS Secured, you won’t have to worry about the shared responsibility model in the cloud – because we take care of all of it. With 24/7 monitoring and a host of sophisticated tools, we will cover 100% of your security needs – in the cloud, on-premise, or wherever you need us. For more information, contact BIOSME today!
