This is part one of a weekly blog series to discuss the extremely important topic of cloud security and how the three primary service models in cloud computing, Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS), have differing security strategies—which you should become familiar with to secure and protect your customers’ cloud environments.
Cloud Security: Best Practices
Let’s begin with the understanding that security has been around for centuries and many options are available. It’s similar to when an explorer selects their favorite sword and shield to protect and fight against threats. Some shields may work better than others, so the tools you select need to be easy to use, dependable, sturdy and lightweight as you embark on your journey.
Just like the adventurer who enters unknown territory, you should take these same security practices and apply them to your cloud computing strategy —just as you have been for years in conventional computing models. Similar to embarking on a journey to an unknown territory without being prepared or assessing security appropriately, if you deploy your new cloud service or connect to a new server or network outside of your trusted environment, you are leaving yourself vulnerable to attacks that could result in an outage or compromised system.
One core focus of security and your new cloud deployment is awareness. Just like you need to be aware of your surroundings to be safe and protect yourself, you should be aware of your space in the cloud.
This is the same concept as letting someone you’re not familiar with into your home. You let someone new in, but you remain aware of their presence and location so you can determine if they are preparing to steal, break, or hurt someone or something in or around your home. The same logic is considered when you’re away from your home. You are constantly aware of your surroundings and environment so you can to avoid being vulnerable to attack or theft.
Now let’s take our natural security instincts to the cloud and begin with SaaS solutions. First, know that the cloud provider is responsible for managing the agreement related to service level, liability, security and compliance expectations, which are provided to you and your customer. However, when it comes to platform and IaaS, the cloud customer is in charge of handling these same expectations. Meanwhile, the cloud provider only takes on a number of the responsibilities for securing the underlying infrastructure, since service outages can result from something the end user has done.
That’s all for today. In part two, we’ll begin to discuss best practices in more detail—stay tuned!
About The Author
Jason Conine leads the technical services organization for Tech Data Cloud. He holds a Bachelor of Science in Management of Information Systems and a Master’s in Business Administration. Over the last 15 years Jason has earned numerous professional certifications and awards for his efforts in partner enablement, technical services, and solutions architecture. Jason is highly technical with a keen ability to leverage a consultative multi-vendor technical sales approach to ensure the very best in solutions design