Closing Cloud Security Gap : With Freedom Comes Greater Responsibility

Amarkant Singh
Sep 29, 2016 · 4 min read

In last couple of years Cloud adoption has gained a lot of momentum. The Gartner global Cloud adoption survey states that 80% of organizations if not already invested in Cloud have shown indications to move to Cloud in coming few years.

One intrinsic property Cloud Computing has is : Elasticity/Agility. I like to call it Cloud Freedom:

  • Freedom to have the required infrastructure whenever you want.
  • Freedom to scale up or scale down your infrastructure as per your need and even as per multiple dynamic parameters.

“The Elasticity & Agility of Cloud provides the Freedom to developers and organizations to scale new heights.”

This Freedom to launch an infrastructure with just few clicks and have it ready for you within minutes is what has made Developers/Engineers to be the prime drivers of Cloud adoption across organizations.

With this freedom, organizations are saving on an average 14 percent of their budgets as an outcome of public Cloud adoption, according to Gartner’s 2015 Cloud adoption survey.

“With Freedom comes greater Responsibility .”

This Freedom, if not handled with greater responsibility, can very easily wash away the 14 percent saved on budgets!

During early adoption days of Cloud, the major concern everyone had was around security. All major public Cloud providers, especially AWS, in past few years, have demonstrated successfully that their services are resilient and their infrastructure has the best possible security measures. Thus, adding to the momentum of Cloud adoption.

The security measures demonstrated by public Cloud service providers in recent times suggest that Cloud with it’s world class security best practices is even safer than on-premise data centers! For example, AWS has even gone ahead and got security compliance certifications like PCI DSS and ISO 27001.

But this absolutely doesn’t mean that once you move your infrastructure to Cloud, you can now forget about security! Moving to Cloud certainly reduces scope of some of traditional security tasks, but doesn’t eliminate them all together. Plus the added Freedom brings in the added security challenges.

Security of infrastructure on Cloud is a shared responsibility. All public Cloud service providers advertise this upfront.

“Security in the Cloud is a shared Responsibility.”

You as a customer of public Cloud services is responsible for your data security and access management of your Cloud resources. If we consider AWS EC2, a public Cloud infrastructure service, you are responsible for:

  • Amazon Machine Images (AMIs), Operating systems & Applications
  • Data in transit, Data at rest & Data stores
  • Credentials, Policies & Configurations

So, overall there are 4 major core areas of the threat landscape you need to tackle with respect to security of your Cloud infrastructure:

  1. Access Controls
  2. Network Security
  3. Data Security
  4. Activity & Access Trail

Here are some of the most important best practices you must follow to close the security gap within your Cloud infrastructure.

Grant least privileges

Enable all the detective services

  • AWS CloudTrail Logs (Even in regions where you don’t have instances)
  • Enable VPC Flow Logs
  • Enable ELB Access Logs
  • Enable AWS Config

Encrypt data at rest as well as in transit

Architect networks with desired segmentation

Backup the backups!

Every team which is elated with the Freedom provided by Cloud must also bring in the much required discipline within the team to ensure the security of their Cloud resources. Security leaders within such teams must strive to bring in processes to inculcate the required discipline. They must also bring in the habit of regular audits, preferably automated.

One last quick advice, rotate access credentials regularly! Again, it’s about being disciplined as a team and ultimately being more responsible to ensure security of your Cloud infrastructure.

PS: You can hear me talk on AWS Security Do’s and Don’ts — Tackling the Threat Landscape in below listed webinar recording.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store