“The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards – and even then I have my doubts.” - Security Expert Gene Spafford, 1989
Reality check: Your workloads are potentially more secure in the public cloud than in your own data center. When security considerations give the CISO pause, take a holistic view of cloud security:
- Most public cloud providers maintain security responsibility from the physical layer up through the hypervisor.
- Hyperscale providers like Microsoft Azure invest millions in security infrastructure, FTEs and ongoing audits to support their hardened compute environments and compliance milestones.
- A poorly designed application will be exploitable regardless of where it resides.
- Placing your workloads with a compliant cloud provider means only that the provider's internal controls, processes, and infrastructure meet those compliance requirements. Your individual workloads might not.
- Data is encrypted with a lock/key system and while the cloud provider manages the lock, the customer maintains control of the key. If a provider is legally compelled to open the kimono, they deflect back to the customer who maintains key ownership and access.
Bottom line: If you’re architecting an application with a security-first mindset, the cloud provider will handle the underlying infrastructure security and let you focus on innovation. Hey, that’s the fundamental value of cloud!
Courtesy of one of our security partners, Trend Micro, this chart does a fantastic job of describing the shared security responsibility between cloud provider and customer:
CDW can help augment your public cloud security through a broad portfolio, including:
- Application-layer Firewalls
- DDoS Mitigation
- Vulnerability Assessments
- Log Management and Correlation (SIEM)
The best part? Many of these solutions can be spun up right next to your precious application workloads, allowing you to take an assumption-of-breach stance and shore up your defenses accordingly.
Referring back to quotable security expert Gene Spafford, there really is no unexploitable system, and it is up to the application owner to assume a feasible security posture. The best public cloud providers offer solid security tools, but it is up to the administrator to implement, configure and monitor these solutions. Now you can augment your security using cloud versions of fully baked traditional data center solutions (e.g. Cisco ASAv, Palo Alto)!
To learn more about migrating to the cloud, check out CDW’s collection of cloud-related case studies, trend articles and white papers.