More and more companies are migrating their applications and infrastructure to the cloud, shifting operational aspects to service providers such as Microsoft and Amazon. Cloud deployments have become one of the major forms of technology for governments and industry. However, cybersecurity continues to be a shared responsibility, which needs to be properly managed.
With cloud storage and data processing, responsibility for security is divided between the customer and the service provider, and the division of responsibility depends on the service being used.
Cloud computing users do not have to maintain a staff to design and operate their technology infrastructure and, in some cases, applications. This eliminates the bulk of IT staff. In addition, using the cloud may avoid the need to gain IT approvals and allow more rapid deployment of business support systems. 80% of enterprise software expenditure is on installation and maintenance of software. By using cloud services with pre-installed software, businesses avoid the cost and the responsibility.
Cloud computing users do not have to scale their physical infrastructure to handle drastic traffic fluctuations and/or predict traffic growth in order to maintain performance. By adopting cloud, engineering and investing for peak traffic is no longer required. Cloud service providers place a great deal of importance on security, and they have large teams of highly skilled security staff ensuring that services are properly protected.
A key characteristic of the large cloud services is that they have extensive security certifications. This means that the cloud has become, in many ways, a more secure option than on-premise technology. While this is a significant benefit for cloud users, it comes as a shared responsibility model and is only part of the security picture for a business. Using cloud-based technology solutions doesn’t take away the requirement for businesses to understand their security responsibilities and manage their risks.
The initial concept for cloud has three service layers. At the bottom layer is infrastructure as a service, or IaaS. At the next layer is platform as a service, or PaaS. At the top, or application, layer is software as a service. At each higher layer, the service provider does more management of the service and the customer does less.
For software as a service, the customer only has to manage the application itself. The service provider will make sure that the underlying operating system and hardware continue to deliver the application service. The customer doesn’t need to employ system administrators, but just needs application managers.
For platform as a service, the service provider would provide virtual hardware with an operating system, database, programming languages, web servers, and so on, already installed. The customer has system administrators to then manage the operating system and any applications that they install, but not the underlying hardware. The service provider looks after that.
Infrastructure as a service offers raw computing power for customers. It may comprise servers, storage, load balancers, network routers and firewalls, and so on. The service provider operates the data center and its utilities, such as power and air conditioning. The customer, on the other hand, is provided with virtual hardware on which to load whatever operating system and applications they require.
The customer has systems engineers who manage the hardware as they would for any on-premise physical system, and also system administrators to install and manage the operating systems and applications.