Fulfilling Your Shared Responsibility for Cloud Security

by Ross Dyer

The recent slew of data breaches on both sides of the Atlantic may have an unusual knock on effect, according to one leading analyst. Ovum’s Tim Jennings blogged last week that incidents – like the much reported TalkTalk attack – are likely to push more organisations towards cloud services. The argument goes that the largest providers now spend huge amounts of time and resources on “end to end security” – making them in many cases a more reliable option than an in-house datacentre.

But as Trend Micro looks forward to attending the Amazon Web Services (AWS) partner summit next week, we’d urge cloud customers to remember that security is not all the provider’s responsibility. There’s much that you need to do to ensure your data stays safe from harm, even after farming it out to the cloud.

Shared responsibility
Cloud computing is transforming the way UK organisations do business. By outsourcing key functions to a third party provider, IT can be more agile, efficient and cost effective – driving productivity and innovation. But as AWS regularly cautions, security in the public cloud is a matter of shared responsibility. What does this mean? It means that, in Amazon’s case at least, the provider will take care of components from the host OS and virtualisation layer down to the physical security of the cloud datacentres – a significant reduction in the operational burden. But it’s not the end of the story.

To be fully secure, IT managers must invest in their own security solutions to ensure their content, platform, applications, systems and networks are protected from the latest threats. This might represent a challenge but it’s also an opportunity – because giving up too much control to a third party provider is often cited as a barrier to cloud adoption. So by choosing the right security tools and services, IT buyers can have the best of both worlds – utilising the scalability, elasticity and reliability of the cloud while retaining governance and control where it matters.

And it certainly matters. Cybercriminals are getting increasingly sophisticated in the way they attack cloud and virtual environments. With the wrong security tools in place, performance can suffer and in the worst case scenario, gaps appear which they are only too ready and able to exploit. The shared multi-tenancy environment means poorly defended VMs could become exposed to inter-VM attacks. And the dynamic nature of those virtual machines can lead to “instant-on gaps” when they’re activated and deactivated in rapid cycles without proper patching.

Securing your cloud
Trend Micro is a trusted partner of some of the biggest cloud platform providers in the world, including Amazon Web Services, IBM, Microsoft Azure and VMware. Our flagship product Deep Security has been architected specifically with cloud and virtual environments in mind, offering unrivalled protection for workloads.

As we’ll be demonstrating to attendees at the partner conference next week, here are just some of the benefits to organisations looking to move to the public cloud:

Optimised proactive protection: IDS/IPS features a lightweight agent to offer instant protection without slowing systems

Virtual patching: enables customers to instantly shield workloads from zero day exploits

Award-winning anti-malware: consistently rated the best performing antivirus solution by AV-TEST, we’ll help you identify and remove malware from Linux and Windows workloads and block traffic to known bad domains

Simple security management: one product covers multiple environments, with simple deployment and ongoing management

Accelerate compliance: Deep Security will help comply with PCI DSS and other regulations and help you easily document prevented vulnerabilities, detected attacks, and policy compliance

Improved visibility: Dashboard alerts help admins quickly identify unplanned or malicious changes to your systems


Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.