It’s been shown that the average cost of a serious data breach in a major company can reach nearly four million dollars. This does not even include the reputational damage the company suffers, which is incredibly hard to calculate; it is even harder to tell whether the company will completely recover.
Consumers also need to be mindful of this – any leaked data has the potential to fall into the wrong hands and make them susceptible to identity theft, monetary theft and fraud. For these reasons, and many more, both businesses and consumers need to look very closely at the cloud products that they are consuming.
If you haven’t had an opportunity to explore cloud security, I’ll be giving an introductory talk for Ascend Global Media on May 26. Until then, this brief article will discuss how cloud service models dictate security at a basic level.
Cloud and Security Risks
There can be many risks with security in the cloud, and most of these relate to its inherent nature. Because cloud data exists off-site on third-party servers, it is much more vulnerable to intrusion. Also, as more of a company’s systems transfer from their prior location into the cloud, their integrity is harder to maintain.
As processes transfer back and forth between a company and their cloud server, it becomes much harder to ensure the data is secure. Whenever data passes outside of your systems, it is vulnerable to third-party interference. For this reason, encryption of secure data has become a standard practice in the tech world.
The Cloud Service Models and Impacts on Security
Each of the three primary cloud service models has its own implications for which aspects of security are the cloud service provider’s responsibility and which are yours. The responsibility is shared. Not having a good understanding of this split can leave gaps and increase the likelihood of security threats and risks.
Infrastructure as a Service (IaaS): At this level, customers handle updating their operating systems, as well as securing any network traffic, any applications that they are using and the data associated with them, and what users have the authority to access. The cloud service provider is responsible for ensuring the physical safety of the servers being used, securing the location of the servers from unauthorized people, and performing any required server maintenance.
Platform as a Service (PaaS): Here, the cloud service provider assumes the responsibility of updating and securing the operating systems and the incoming and outgoing network traffic. The customer is solely responsible for securing applications and their associated data, and user access.
Software as a Service (SaaS): The cloud service provider is on the hook for providing data security in all layers. This spans everything from the hardware on which the server runs all the way through to updating and patching the software itself.
SaaS-based services let users off the hook for just about all of the security responsibility, which can be a plus if you don’t have the time or resources to constantly monitor threats or address issues. The caveat is that you have to trust 100% that your cloud service provider is diligently putting internal mechanisms in place to protect the entire stack and is proactively guarding against threats and risks.