Security in the Public Cloud: Finding what is right for you
Security concerns in the cloud pop up every now and then, especially when there has been a public breach of some sort. What many businesses still don't realise is that security in the public cloud is a shared responsibility between the cloud provider and the customer. Unfortunately, 99% of these breaches are down to the customer, not the cloud provider. Some of these cases are simply due to the customer lacking the competence to build a secure service in the public cloud.
Lack of competence is typical when a business ventures into the public cloud on their own, without a partner with expertise. Luckily:
Another suggestion would be to draw out a priority table of your applications so that you gain the full benefits of the public cloud.
In any case, the baseline security, architecture and cloud platform services need to be created to fulfil the requirements in the company's security policies, guidelines and instructions. For example:
Cloud comes in many shapes and sizes
- Public cloud platforms like AWS, Azure and GCP
- Medium cloud players
- Local hosting provider offerings
- SaaS providers of variable capabilities and services: from Office 365 to Dropbox
Own data centre | Local hosting provider | Public cloud |
- Nordcloud has the most relevant certifications on all of the major cloud platforms
- Nordcloud is ISO/IEC 27001 certified to ensure the security of our own services is appropriately addressed
- Typically Nordcloud builds and operates customer environments to meet customer policies, guidelines and requirements
- ISO/IEC 27001:2013, 27013, 27017:2015
- PCI-DSS
- SOC 1-3
- FIPS 140-2
- HIPAA
- NIST
Gain the full benefits of the public cloud
The more cloud capacity shifts towards the SaaS end of the offering, the less the business needs to build the controls on its own. However, existing applications are not built for the public cloud, so if an application is migrated to the public cloud as it is, similar controls need to be migrated too. Here's another opportunity to build a pros & cons table: applications considered for public cloud migration 'as is' vs app modernisation.
'As is' migration | Modernise |
- Appropriate access controls to data
- Appropriate encryption controls based on policy/guideline statements matching the classification
- Appropriate baseline security services, such as application level firewalls and intrusion detection and prevention services
- Security Information and Event Management solution (SIEM)
Ilja’s passion and tech knowledge help customers transform how they manage infrastructure and develop apps in cloud.
Ilja Summala
Group CTO