Cloud Security Fundamentals

The average cost of a ransomware or data breach is around 4.5 million US dollars. 40% of the attacks in 2021 originated from publicly accessible and vulnerable systems. Running services in public cloud has huge advantages for agility, efficiency and security; however you must understand the shared responsibility model to get a clear picture of the risks you are taking.

When you build services in your own data centres ('on-premises'), you are entirely responsible for the security of your service. When you use cloud services, you delegate management of parts of the service and hence some of that security responsibility to the cloud provider. The amount that you are directly responsible for, and the amount of responsibility that you delegate to your service provider will vary, depending on the service that you use.

The design of a hyperscale public cloud platform makes it much easier for them to meet security responsibilities effectively than traditional architectures. You should, therefore, delegate as much responsibility for security to your cloud platform as you can.

Regardless of which services you adopt, you will always be responsible for:

• Ensuring that the service can meet your security needs

• Securely configuring the services that you have chosen to use

• Deciding which data you store in the services you use

Penetration testing, configuration checks, and red team exercises focus on the parts of the cloud service that you have taken direct responsibility for and this is where StackPartners can help. Our cloud security experts provide penetration testing and security configuration assessments with remediation advice to ensure you have a clear picture of your risks and that your technology stack and data are protected. Get in touch now to learn more or speak to one of our consultants.