8 MIN. READ
Just as you need to be aware of blind spots when you drive your car, you also need to check for blind spots as you move your company to the cloud. Dazzled by the agility, capital expenditure reductions, efficiencies, and productivity gains the cloud offers, many chief information officers miss four dangers that are hidden in plain sight.
Blind Spot No. 1: Security in the public cloud is a shared responsibility
Adopting a public cloud (also known as Infrastructure as a Service, or IaaS) is a lot like renting a flat. Both IaaS and apartments require that you share responsibility for infrastructure and services. For flats, the property owner is responsible for everything outside—landscaping, sewers, and sidewalks. Individual renters are often responsible for everything inside—furniture, fixtures, heat, and hot water.
Likewise, in the public cloud, vendors provide basic infrastructure for the “outside” of your app—such as physical servers and guest operating systems—while you handle the “inside” of the app itself and whatever technologies or tools support it.
Knowing who is responsible for what is critical because security can be compromised at either level. The head of global security programs at Amazon Web Services (AWS) once said that the thing that keeps him up at night is not the security of the AWS environment itself (the outside), but “the customer not configuring their applications correctly to keep themselves secure” (the inside). If you plan to integrate an application component like payment processing to your mix, you’ll want to ask your cloud vendor what options exist in the broader ecosystem to assist in protecting your applications.