Security and compliance applied to the cloud require work together

In the last few years, the migration of companies to the cloud has seen a strong growth and the investments made in the adoption of cloud computing must always follow the trend of the advances of this powerful technology. Investing in the cloud has become a synonym of strategic decision and competitive advantage.

We have already seen in other articles published here on our blog that data security has always been a major concern and for a long time it was a reason for distrust in adopting cloud computing as an important business tool.

This barrier no longer exists, but the concern is still real, mainly due to the different security incidents that have occurred lately.

The computer providers in the cloud do their part

Cloud service providers, such as AWS, are aware of their responsibility to minimize problems related to attacks. For this reason, they developed the best practices recommended by the market and adopted the main compliance programs, controls and audits required by governments and their laws, aligned with the main certifications of the market.

In addition to understanding the main requirements of the market, investments in security assets are a priority, as they provide different solutions to companies that have already adopted what they plan to adopt on the cloud. Some of them are:

• Access control and identity
• Using SSL/TLS certificates
• Adoption of encryption keys
• Protection against DDoS attacks
• Security policies and processes

It should be noted that, in addition to these examples of adopted security practices, AWS, in association with the main providers of the market, offers its customers tools that comply with the strict security requirements, which go much further than antivirus and firewalls.

However, despite all this security and compliance infrastructure, the risks related to attacks, data theft and unavailability of services are high and, even if they are minimice, incidents continue to occur that cause great harm to companies and loss of credibility.

Cloud security is a shared responsibility

All protection applied to the infrastructure of the cloud is the responsibility of the providers, there is no doubt about it. However, customers also have, in a shared way, the commitment to implement security in their own content, platforms, software, systems and networks.

This shared responsibility is necessary due to the threats and attacks against the infrastructure created by the customers, that is to say, the architecture implemented by the companies once adopted by the cloud.

To give an idea of ​​the commitment to security adopted by customers, a good part of the attacks currently do not take place due to problems with the infrastructure of the cloud, rather because of what is implemented internally and due to the absence of policies and rules security. Let's see some examples:

• Environment configuration errors
• Lack of updates and application of correction patches
• Absence of internal security controls
• Es case z of policies and standards of compliance

Some of these examples apply, for example, to access to sites with malicious content by employees, the exchange of files through electronic mail, outdated software, ineffectiveness with regard to the control of passwords and access, etc.

Note that working together is fundamental in this war for information security. Ensuring high availability of solutions and access to sensible information will always be a shared responsibility. It is also important to reinforce once the use of the cloud structure is carried out by the client; cloud computing providers, such as AWS, ensure the security of the resources offered.