Issues of Cloud Security
The recent hack of 57 million customer and driver personal details from Uber is a good illustration of customers assuming that their third party cloud supplier (in this case AWS S3) is secure. The cloud infrastructure is sound and secure but where the problem occurs is the applications, which reside on it.
There may be some confusion when we think about cloud security in thinking that it is the security of the cloud is not security in the cloud.
In April 2016, the National Electoral Institute of Mexico suffered a similar breach when 93 million voter registration records were compromised. This was due to a poorly configured database that exposed confidential records publicly available to anyone. Again, the platform was AWS, the notes on the website state;
“While AWS manages security of the cloud, security in the cloud is the responsibility of the customer. Customers retain control of what security they choose to implement to protect their own content, platform, applications, systems and networks, no differently than they would for applications in an on-site data centre.”
Security is the responsibility of the customer. The issue with cloud security is that in order to be comprehensive the security needs designing specifically for cloud infrastructure. Point solutions which are designed for endpoint technology, are not suitable for cloud technology. The other problem is that by installing layered point solutions the difficult task of managing and coordinating these services across a hybrid cloud estate become difficult and costly. Good security is a process of validating configuration and providing comprehensive protection, which can be managed.
Node4 offers N4Cloud Security service to many cloud infrastructures including AWS, Google Cloud, Azure, N4Cloud as well as private cloud and virtual environments collocated inside Node4’s data centre matrix. By providing system and network protection alongside anti-malware and intrusion protection; N4Cloud Security provides a comprehensive, managed, monitored and fully maintained service and solution.
If you would like more information about Node4’s Security as a Service (SECaaS) managed services, please download our latest datasheet.
You can also contact us at firstname.lastname@example.org or call 0845 123 2222