We see all businesses small or big, consuming cloud technology in one or another way. The pandemic has increased the adoption substantially and before that security was one of the drivers of moving to the cloud.
While we help businesses to realize the benefits of cloud technologies, we are concerned about their misunderstanding (especially small & medium) that moving to cloud will take away their responsibility and everything is managed by cloud provider including security.
It is super important to have a clear understanding of everyone’s responsibility. Some examples below:
- In case of SaaS services (e.g., Microsoft 365), you need to ensure that you are following the best practices to keep your account secure. Some of these are:
- Implementing Multi Factor Authentication (MFA).
- Disabling the services & accounts that are not required including legacy authentication.
- Have right process & procedures (onboarding & offboarding).
- Use Single Sign On/Single Identity to reduce the attack surface.
- Use premium security offerings like Advanced Threat Protection (ATP), Azure AD Premium, Intune etc.
- In case of Cloud platforms (IaaS & Pass):
- Make sure that you have opened only the required network traffic.
- Patching your servers regularly.
- Using offerings like Web Application Firewalls, DDoS protection etc. to protect your workloads.
- Protect database servers by isolating then in a different network.
Here is a diagram from Microsoft to help you understand the shared responsibility.
Another very important factor is to have regular monitoring & audit of the environment. This preventive approach helps you avoid security breaches and downtime. You can use the services of a Cloud Solutions Provider to this for you.
It is the responsibility of cloud solution providers to share this information and making sure that customer is aware of this. To tackle with this, we at Mismo Systems has decided that all of customers will be managed. This will make it little difficult for us to compete in the market due to increased cost of adding managed services by default. However, we think it’s the only way and is in best interest of our customers.
You can read about Mismo’s Managed Services here.
Let’s understand our responsibility and have safe cloud computing!