Even doubters now agree that the forecast of the future of cloud computing is sunnier than ever. As more and more people and organizations transition to cloud services, the question of how to keep the cloud secure becomes more important than ever. Though initially unclear, as the latest report from the Cloud Security Alliance (CSA) suggests, the agreement that cloud security is a shared responsibility between cloud providers and cloud users has now firmly taken hold. How those responsibilities shake out, however, is an ongoing conversation.

The CSAs report,Guideline of Effectively Managing Security Service in the Cloudreleased earlier this October, notes that different types of clouds have different security expectations. But first, its important to understand the different types of cloud environments. Below are the three main categories:

IaaS Iaas, which stands for Infrastructure as a Service, is the most high-level cloud platform, providing users with virtual computing machines for development and storage.

PaaSPaaS, meaning Platform as a Service, allows for users to both build and manage applications in a cloud environment.

SaaS Saas, or Software as a Service, is a licensing model in which a vendor provides its software applications to customers by hosting it through a third-party cloud service.

Much of the confusion surrounding the shared responsibility model comes from these three types of environments. Depending on which environment an organization uses, their responsibilities will vary. Furthermore, different cloud providers may also have their own discrepancies in security expectations. Finally, geographical location also matters. With theGDPRin place, the European Union has additional expectations for organizations utilizing cloud services.

However, there are a few things that always fall on those utilizing the cloud, and specific tools have been developed to assist with these security needs. Organizations employing or hoping to employ cloud services must be vigilant and take proactive measures to ensure the safety of their data. There is no guarantee that a cloud provider will specify exactly when and where security tools should be leveraged.

In order for a cloud service to maintain a customers privacy, identity and access management must remain the responsibility of the organization utilizing the cloud. Additionally, the security of the data that resides in the cloud must also be managed by the datas owner. Finally, security configuration must be kept up to date in order to maintain compliance.

Access management Ensuring limited access to the cloud is critical to maintaining security. Privileged Access Management (PAM) solutions are designed to authorize and authenticate users, giving them only the access necessary to their job functions. For example, Powertech Identity & Access Management (BoKS), utilizesgranular access controlsfor each job role, defining who can have access to each part of a system at any given time, as well as what they can do with that access.

Data security SIEM (security information and event management) software constantly processevent data, looking for threats from a variety of sources within an organizations cloud environment. For example, Powertech Event Manager streamlines security and provides insights into potential security events through data interpretation and threat prioritization.

Security configuration management Ensuring proper configuration across all your systems is critical to ensure your cloud environments safety. Doing this manually is a daunting task that leaves your organization open to the risk of breaches. Tools like Powertech Security Auditor automatically protect new systems as they come online and continuously monitors those systems, identifying and adjustinganyconfiguration settings that dont match yourrequirements.

As long as cloud servers are here to stay, so too is the need to protect them. Since both cloud providers and users have a stake in securing the cloud, it is important to learn what exactly is needed to do your part, and to find the best tools to maintain safeguards for your organizations data. To discuss how Helpsystems can help keep your organizations cloud secure, reach out to one of our security experts today.

Even doubters now agree that the forecast of the future of cloud computing is sunnier than ever. As more and more people and organizations transition to cloud services, the question of how to keep the cloud secure becomes more important than ever. Though initially unclear, as the latest report from the Cloud Security Alliance (CSA) suggests, the agreement that cloud security is a shared responsibility between cloud providers and cloud users has now firmly taken hold. How those responsibilities shake out, however, is an ongoing conversation.

The CSAs report,Guideline of Effectively Managing Security Service in the Cloudreleased earlier this October, notes that different types of clouds have different security expectations. But first, its important to understand the different types of cloud environments. Below are the three main categories:

IaaS Iaas, which stands for Infrastructure as a Service, is the most high-level cloud platform, providing users with virtual computing machines for development and storage.

PaaSPaaS, meaning Platform as a Service, allows for users to both build and manage applications in a cloud environment.

SaaS Saas, or Software as a Service, is a licensing model in which a vendor provides its software applications to customers by hosting it through a third-party cloud service.

Much of the confusion surrounding the shared responsibility model comes from these three types of environments. Depending on which environment an organization uses, their responsibilities will vary. Furthermore, different cloud providers may also have their own discrepancies in security expectations. Finally, geographical location also matters. With theGDPRin place, the European Union has additional expectations for organizations utilizing cloud services.

However, there are a few things that always fall on those utilizing the cloud, and specific tools have been developed to assist with these security needs. Organizations employing or hoping to employ cloud services must be vigilant and take proactive measures to ensure the safety of their data. There is no guarantee that a cloud provider will specify exactly when and where security tools should be leveraged.

In order for a cloud service to maintain a customers privacy, identity and access management must remain the responsibility of the organization utilizing the cloud. Additionally, the security of the data that resides in the cloud must also be managed by the datas owner. Finally, security configuration must be kept up to date in order to maintain compliance.

Access management Ensuring limited access to the cloud is critical to maintaining security. Privileged Access Management (PAM) solutions are designed to authorize and authenticate users, giving them only the access necessary to their job functions. For example, Powertech Identity & Access Management (BoKS), utilizesgranular access controlsfor each job role, defining who can have access to each part of a system at any given time, as well as what they can do with that access.

Data security SIEM (security information and event management) software constantly processevent data, looking for threats from a variety of sources within an organizations cloud environment. For example, Powertech Event Manager streamlines security and provides insights into potential security events through data interpretation and threat prioritization.

Security configuration management Ensuring proper configuration across all your systems is critical to ensure your cloud environments safety. Doing this manually is a daunting task that leaves your organization open to the risk of breaches. Tools like Powertech Security Auditor automatically protect new systems as they come online and continuously monitors those systems, identifying and adjustinganyconfiguration settings that dont match yourrequirements.

As long as cloud servers are here to stay, so too is the need to protect them. Since both cloud providers and users have a stake in securing the cloud, it is important to learn what exactly is needed to do your part, and to find the best tools to maintain safeguards for your organizations data. To discuss how Helpsystems can help keep your organizations cloud secure, reach out to one of our security experts today.

Continued here:

The Shared Responsibility of Cloud Security - Security Boulevard