Cloud Computing: Responsibility & Accountability of Security

It’s all about the data. I have been involved in cloud computing since 1999 (although we called it multi-tenant hosting & ASP – application service provider) and for sixteen years security has consistently been the #1 concern when organizations are asked about their adoption of cloud models. The concern does not reside with the use of a storage array they have no access to or the utilization of a virtual machine cluster in some unknown data center, it’s all about the data and sensitive information. More so, it’s about the loss of control over this data that is the real concern.

  • Security is still your responsibility and you are accountable.
  • Transferring of existing or legacy control and security models to the cloud is not a complete strategy.
  • One size does NOT fit all – shared responsibility models vary from cloud provider to cloud provider and between cloud model utilized (example – IaaS or EFSS varies significantly from SaaS or DaaS).
  • Cloud providers can’t, won’t and shouldn’t be held exclusively responsible for any data loss or breach.

It’s imperative that consumers of cloud services and resources understand clearly that although it is absolutely a shared responsibility between the consumer and cloud provider, they are fully accountable when it comes to governance, control, management and security of sensitive data in these cloud models.

Questions to ask yourself:

Do I control the access and encryption keys/management to my data?

What rights do cloud admins have over my data?

Where does the shared responsibility decision begin and end?

What sovereignty and data governance controls do I have vs the cloud provider?

Do they comply with the Cloud Security Alliance or NIST best practices?

And of course, am I compliant in the cloud and can I prove and pass an audit?

How secure is your data in the cloud?

WinMagic offers you a solution that brings intelligent key management to enterprise file sync and share, allowing companies like yours to closely control saved data. Find out how SecureDoc CloudSync  can work for you and your business by contacting WinMagic today at 1-888-879-5879.

 

Previous Post
We’ve Been Hacked! 3 Questions to Ask Before Assigning Blame
Next Post
Opal, Opalite & Pyrite Self-Encrypting Drives (SED)

Related Posts

Securing the Cloud

Recently it was revealed that Oregon Health & Science University (OSHU) staff were storing patient data in a cloud storage solution – namely, Google Drive. What’s the big deal? It’s Google, it has to be secure right? (more…)
Read more

It’s Time for a Better IaaS Security Solution

Earlier this month, WinMagic announced the general availability of the new security software solution that provides full enterprise controlled key management and encryption for virtual works load running in public and private IaaS environments, SecureDoc CloudVM. (more…)

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.

Menu