Public Cloud Security : The solution to Information System’s security concerns ?
Not so long ago, surveys conveyed on CEOs and IT managers indicated that security was the major issue constraining Cloud adoption. It has now become the opposite: Public Cloud is now becoming the security solution for companies.
Public Cloud is a controversial subject among security experts
“Contrary to preconcieved ideas about Public Cloud security, it can be a miracle solution to companies security concerns”
- 2015, Guillaume Poupard, the director of the ANSSI, said in a speech : “Cloud answer a real need in term of IT security. We support companies that want to join the Cloud, notably small and medium companies who will never be experts in cybersecurity”
- Latest Rightscale annual survey conveyed on 1.060 IT professional show that security is not the first concern anymore to adopt Cloud usage but rather team training and lack of ressources.
The 3 security models in an IaaS model
OF the Cloud
- Security of his datacenter,
- Security of his Cloud architecture,
- Transversal security services : DDoS protection, patch management, …
IN the Cloud
- Accreditation management (RBAC model, integration in a company directory),
- “aaS” security services : for exemple, a VPNaaS, a FirewallaaS.
FOR the Cloud
- Working on IaaS infrastructure solution
- It’s third-party security solution validated in the IaaS index
Shared responsabilities between custumer and Cloud provider in IaaS model
Costumer’s responsabilities in an IaaS model are :
- Authorization to access environments through the terminal made available by the Cloud provider.
- OS, middleware and app patch management
- Encryption of virtual machines and datas
- Application-level pen testing