CLOUD SECURITY + FEATURED Ervin Daniels todayJuly 17, 2021 98
Cloud adoption is accelerating. It’s no surprise that the cloud unlocks tremendous business opportunities, but moving to the cloud requires organizations to rethink security. It begins with understanding the adoption model.
In a traditional model, the organization would own and manage 100% of its workloads. The ownership and management of the data center and everything within it dissipates when migrating from legacy to cloud. A cloud model is a shared responsibility between you as the cloud customer and the cloud service provider (CSP).
Consider three available cloud services or adoption models: PaaS – Platform-as-a-Service, SaaS – Software-as-a-service, and IaaS – Infrastructure-as-a-service.
Platform-as-a-Service
When you look at PaaS, you’re building applications, migrating data to the cloud, and building native cloud applications. The CSP is responsible for managing the protection of the cloud platform. You are responsible for the security of the applications, workloads, and data.
The cloud provider must ensure that the workloads are compliant and secure (e.g., network security, runtimes, container security, isolation, etc., so that the customers can have their own space within the platform.
Infrastructure-as-a-Service
If you’re adopting IaaS and migrating workloads to the cloud, then the CSP manages the hypervisor on down. In this case, you are using virtual servers. Or, if you’re using bare metal, you can completely control everything and up, including the (e.g., virtual servers, OS, applications, and data).
Software-as-a-Service
The CSP manages all of its applications and security. You only worry about securing the data and governance.
The cloud customer will always be responsible for data, governance, risk and compliance in each adoption model. You may also consider Private, Public, or hybrid cloud deployment. In either deployment model, consider those factors as well. Your portion of the security will vary for each.
Success starts with a security strategy. You must understand your business drivers to determine its security needs. So, before rethinking security, plan to spend some time identifying which cloud adoption model fits your organization’s business needs before moving to the cloud and driving digital transformation.
Cybersecurity Architect with over 25 years of Technology and Security leadership and hands-on experience across various industries (retail, public, financial services, and technology).
Written by: Ervin Daniels
Cybersecurity Architect with over 25 years of Technology and Security leadership and hands-on experience across various industries (retail, public, financial services, and technology).
CYBER THREAT MANAGEMENT Ervin Daniels
Ervin DanielsCybersecurity Architect with over 25 years of Technology and Security leadership and hands-on experience across various industries (retail, public, financial services, and technology).
©2020 Ervin Daniels. Designed By Tru Brand Media Disclaimer: Opinions expressed are solely my own and do not express the views or opinions of IBM.
Post comments (0)