Skip to main content

Public Cloud Security : The solution to Information System’s security concerns ?

Not so long ago, surveys conveyed on CEOs and IT managers indicated that security was the major issue constraining Cloud adoption. It has now become the opposite: Public Cloud is now becoming the security solution for companies.

Public Cloud is a controversial subject among security experts

“Contrary to preconcieved ideas about Public Cloud security, it can be a miracle solution to companies security concerns”

  • 2015, Guillaume Poupard, the director of the ANSSI, said in a speech : “Cloud answer a real need in term of IT security. We support companies that want to join the Cloud, notably small and medium companies who will never be experts in cybersecurity”
  • Latest Rightscale annual survey conveyed on 1.060 IT professional show that security is not the first concern anymore to adopt Cloud usage but rather team training and lack of ressources.

The 3 security models in an IaaS model

OF the Cloud

IaaS provider-specific security
  •  Security of his datacenter,
  • Security of his Cloud architecture,
  • Transversal security services : DDoS protection, patch management, …

IN the Cloud

Security natively offered to the Client in his IaaS offer
  • Accreditation management (RBAC model, integration in a company directory),
  • “aaS” security services : for exemple, a VPNaaS, a FirewallaaS.

FOR the Cloud

Security provided by third-party :
  • Working on IaaS infrastructure solution
  • It’s third-party security solution validated in the IaaS index

Shared responsabilities between custumer and Cloud provider in IaaS model

Costumer’s responsabilities in an IaaS model are :

  • Authorization to access environments through the terminal made available by the Cloud provider.
  • OS, middleware and app patch management
  • Encryption of virtual machines and datas
  • Anti-Viruses
  • Application-level pen testing