Guardians of Your Galaxy Recap

May 15, 2017 | Security

Last week, we hosted a private screening of Guardians of the Galaxy Vol. 2. The movie and the presentations didn’t disappoint. If you were unable to join us, here’s what you missed:

The Movie

Guardians of the Galaxy Vol. 2 picked up where the first installment of the series left off. Our band of unlikely heroes continues to travel the galaxy, doing the dangerous jobs that others won’t. Meanwhile, Star Lord learns more about his mysterious lineage. You can expect more Awesome Mix music and plenty of dancing baby Groot. Our “No Spoiler” policy precludes me from going into more details, but check the movie out for yourself!

Pro tip: Make sure you stick around after the credits. This movie includes 5 post-credit scenes!

The Goods

Before our heroes battled it out on the big screen, our local band of guardians shared some insights on data security. You might be familiar with our security wheel (below). This wheel distinguishes the many different layers of data security – from infrastructure to platform to people and to processes. This model identifies the various attack vectors that your security strategy must account for. If you haven’t seen this wheel presented before, our Star Wars event recap goes into detail. A major focus of the day’s discussion was on how this model applies to a “cloud-first” world. To answer that, we need to understand the concept of “shared responsibility.”

Shared Responsibility

The cloud represents a dramatic shift for many organizations. Migrating to the cloud requires that we think differently about how our applications are accessed and how they are secured. To that end, organizations need to understand what they are responsible for and what their vendors are responsible for. What steps does your vendor take to keep your data secure? What additional responsibility falls to you? The chart below demonstrates this model:


The chart above shows how responsibility shifts as we move from on-premises to the different cloud models: Infrastructure as a Service, Platform as a Service, and Software as a Service. Note that every model, including SaaS, leaves some responsibility for securing the data with the customer. Let’s take a look at what each of these components entails:

  • Physical Security – This might be the most obvious on the list. When you migrate to the cloud, your service provider takes on the responsibility of protecting the datacenters in which your data resides. This includes the fences, walls, security guards, and any other means of preventing physical access to your data.
  • Host infrastructure – The host infrastructure refers to the underlying compute, storage, and platform services of the cloud. The vendor owns most of its configuration and management, but customers remain responsible for the permissions and network access they configure on the resources they provision.
  • Network controls – These include the configuration and management of network elements like virtual networking, gateways, VPN, firewall, etc. The vendor owns much of the responsibility in a SaaS or PaaS model, but the customer shares responsibility in an IaaS model.
  • Application level controls – Application level controls refer to the applications and services that are built on the cloud service. In an IaaS model, customers own the operating system and everything on top of it. Responsibilities include hardening, patching, and maintaining baseline configuration settings. As we scale towards SaaS, more of these responsibilities fall to the vendor.
  • Identity & access management – With identity and access management, we’ve reached the point where the customer has a significant security role in every cloud model. Customers are responsible for granting, reviewing, and revoking the permissions and access of their employees, regardless of how much of the stack the vendor runs.
  • Client & end-point protection – Even as more of your data moves to the cloud, you are still responsible for protecting the devices that connect to that data. This includes encryption, policy enforcement, device management, anti-malware, and related controls.
  • Data classification & accountability – Lastly, the responsibility of classifying data and managing how that data is handled can only fall to the customer. This requires customers to evaluate their data, determine the most sensitive data sets, and secure those data sets accordingly.

Migrating to the cloud offloads many responsibilities to the vendor. It can also create confusion about who manages which part of a workload. The shared responsibility model described above is a good blueprint for working out, for any cloud service, what your vendor covers and what remains yours.

Are you looking for ways to secure your cloud workloads? Have any other questions on what steps your organization needs to take? Give us a call at 630.832.0075 or email us at