It’s a ubiquitous question posed to every Cloud Solution Provider – and so are the corollaries that follow:
To those considering a seismic shift from on-premise servers to Cloud hosting, these questions are simple, logical and not at all inconsistent which one another. Daily news stories, including the recent DNC Wikileaks hack, heighten awareness and concern.
At the heart of these questions, however, is a fundamental misunderstanding – Customers remain responsible for the security of their own data in the Cloud.
Cloud hosting subscribers typically believe that once data is uploaded to the Cloud, their responsibility for security is absolved and shifted to the provider. Amazon Web Services prepared the graphic above to illustrate that this is not the case. It details the distinction between security “in” the Cloud and security “of” the Cloud.
While the specifics between Cloud providers may vary slightly, the concept remains the same:
In most cases, the Cloud solution provider does not have direct access to the internal applications or operating systems on hosted instances. So these items fall to the customer.
Security in the Cloud is a partnership. The advice I give customers? Treat your hosted Cloud servers with the same or greater attention to security details as you would for an on-premise server.