Security and compliance applied to the cloud require working together

In recent years, the migration of companies to the cloud has grown strongly and investments made in the adoption of cloud computing must always continue to follow the trend of advances in this powerful technology. Investing in the cloud has become synonymous with a strategic decision and a competitive edge.

We have already seen in other articles published here on our blog that data security has always been a major concern and for a long time was a reason for distrust in adopting cloud computing as an important business tool.

This barrier no longer exists, however, the concern remains real, especially with the various security incidents that have occurred lately.

Cloud computing providers do their part

Cloud service providers like AWS know their responsibility to minimize problems related to attacks. For this reason, they have developed the best practices recommended by the market and adopted the main compliance, control and audit programs required by governments and their laws, in line with the main certifications in the market.

In addition to meeting the main market requirements, investments in security assets are a priority, providing a variety of solutions for companies that have already adopted or are considering adopting the cloud. Some of them:

• Access control and identity
• Using SSL/TLS certificates
• Adoption of encryption keys
• Protection against DDoS attacks
• Security policies and processes

It is worth mentioning that in addition to these examples of adopted security practices, AWS, in partnership with the main suppliers in the market, provides its customers with tools that meet strict security requirements, going far beyond antivirus and firewalls.

But despite all this security and compliance infrastructure, the risks related to attacks, data theft and unavailability of services are high and, even if minimized, incidents still occur that cause great damage to companies and loss of credibility.

Cloud security is a shared responsibility

All protection applied to the cloud infrastructure is the responsibility of the providers, there is no doubt about that. However, customers also have, in a shared way, the commitment to implement security in their own content, platforms, software, systems and networks.

This sharing of responsibility is necessary due to threats and attacks against the infrastructure created by customers, that is, the architecture implemented by companies after they adopted the cloud.

To get an idea of ​​the commitment to security adopted by customers, most attacks currently do not occur due to cloud infrastructure problems, but because of what is implemented internally and the absence of security policies and rules. Let's look at some examples:

• Environment configuration errors
• Lack of updates and application of correction patches
• Absence of internal security controls
• Lack of compliance policies and standards

Some of these examples apply, for example, to access to sites with malicious content by employees, file sharing through e-mails, outdated software, ineffectiveness regarding password and access control, etc.

Realize that working together is essential in this war for information security. Ensuring high availability of solutions and access to sensitive information will always be a shared responsibility. It is also important to reinforce once again that the use of the cloud structure is done by the customer; cloud computing providers, such as AWS, take care of the security of the offered resources.

Sky.One , through its Sky.One staff , can assist in your cloud migration projects, including all concerns related to security. Get in touch right now and find out more.