enterprisesecuritymag

Security and Vulnerability Assessments through Cloud Platforms

By Enterprise Security Magazine | Friday, November 30, 2018

While organizations face many issues with data security, cloud providers have today convinced them that the data is secured. Public cloud environments like AWS represented a reduced security burden for the companies. Cloud manager has to monitor and control the host operating system, virtualization layer, and the physical security which facilitates a secure cloud. The customer configures and manages the security of the guest operating system and other applications to ensure security within the cloud.

Serverless, or Function as a service, is the present way of developing cloud-based applications. The development teams provide application code as a collection of functions, and a cloud provider implements those functions in an efficient manner. The adoption of new serverless computing raises new questions about the security of applications delivered using serverless frameworks either by customer or cloud. The security model has a clear line between the security of the cloud and in the cloud, and the serverless model shifts some responsibility back to cloud provider managing operating system and customers responsible for running applications. There are some tips that can help security experts prepare the services to run in serverless clouds securely.

Businesses shouldn’t make assumptions about who owns security in cloud environment. The nature of the modern data center is complex which leads to a lack of ownership for some elements in the data center. Making assumptions about who owns security can lead the companies to be in a state of helplessness. Defining rules on who owns the security can prevent a user from becoming a victim of a cyberattack.

The need for complete visibility across all types of workloads in a complex modern data center. Lack of knowledge amongst different workloads makes the cloud a difficult solve problem. To avoid vulnerabilities at each level, the customer team must ensure that the cloud team protects the data.  

Building security into the architecture from the ground up helps cloud provider to achieve the desired tasks efficiently. Security should be taken care of by both the cloud provider and its customer. It is better to implement security measures before an attack to prevent the data access by unauthorized users.

With the emergence in new as well as old workloads, it's important to understand the roles and responsibilities of the cloud provider and customer to prevent vulnerabilities that arise. The shared responsibility model is evolving, and organizations need to understand the redefined responsibilities for cloud security, or they will be left behind.