Cossack Labs

Originally published at cossacklabs.com

Cloud security: gaps in a "shared responsibility" model

If your business works in an area where security matters, “putting it in a cloud that’s secure by design” is a dream.

Expectation: Cloud is a miracle and a relief for companies that need sound computing power and a lot of assets available on demand to many users. Migrating to the cloud seems to solve tons of operational problems and let companies run high and easy.

vs.

Reality: Cloud operators have very limited responsibility for security issues. When using "X as a service" platforms, security teams should take gaps and grey areas into account while building their cloud security strategy.


So, you’re planning your new business in an area where security matters. You might be thrilled with the choice between IaaS and PaaS, or with operating a planet-scale cloud database. Yet builders usually don’t spend much time clearly articulating a cloud security strategy when they are thinking about starting their next project.

However, if you’re in a regulated industry (like finance or healthcare) or face stringent requirements from your business environment (like in legal, insurance, fintech), there are security choices you need to contemplate as well.

Soon, you will arrive at a situation where the cloud provider’s security team takes care of many things, but still:
● there are some things they can’t do for you.
● there are things they won’t do for you. Alas.
● there are things you shouldn’t trust them with anyway.
● the cloud provider’s liability in the worst case is far from what could make you sleep well at night.

Read the new article written by Cossack Labs' experts to see which blind spots you will meet and need to eliminate on your company’s way to safe and secure cloud storage. This blog post will save you miles of nerves, a trunk of money, and vacations. 😊

Follow @CossackLabs for more updates on data security, cryptography, and security software design.
