INTELLIGENT ENTERPRISE SECURITY
Enterprises responsible for
their cloud security
While cloud providers look after integrity of their applications, enterprise data
and access needs to be managed by the end user. Scott Montgomery from Intel
Security explains more.
S
ecurity has long been the principal
fear that weighs on cloud
investments. While perceptions are
improving, recent surveys found that data
breaches remain the biggest concern of
companies deploying Software as a Service,
Infrastructure as a Service, and even private
cloud models. These concerns, however, are
not stopping enterprises from investing in
the cloud.
Budgeting for security in the public cloud
begins by considering which applications
and infrastructure components will live
there. Some, like website hosting and
document serving, are of relatively low
risk and do not demand the most stringent
safeguards. Also consider the consumption
models you will use.
SaaS providers generally assume
responsibility for security and the
application and system levels. However,
IaaS providers tend to cede those
responsibilities to the customer. What is
more, no public cloud provider is likely
to assume responsibility for user access
and data protection, although there are
measures they can take to support your
own efforts.
There are three levels of security to
consider as you build out your public cloud
strategy:
Systems security
This is secured plumbing, systems-level
components such as operating systems,
networks, virtual machines, management
utilities and containers. Here, you want
to invest in cloud providers that make it
easy for you to keep your systems current
with the latest patches and updates. The
service provider should also provide
thorough visibility into your cloud
53