February 21, 2019

1 in 3 IT Professionals Unaware of the Cloud Shared Responsibility Model

Knowledge of cloud configuration is vital

By CBR Staff Writer

One in three IT professionals believe that cloud security is the responsibility of their selected cloud provider, while a further 65 percent of IT teams underestimate the real damage that a cloud security incident can cause.

This is according to the 2019 security report by Tel Aviv-based cybersecurity company Check Point, which also notes that cloud services are vulnerable to three main security issues: account hijacks, malware delivery and data leaks.

Most importantly, some IT professionals are unclear on how these vulnerabilities should be mitigated, with Check Point finding: “Misconceptions about the levels of security needed, along with a lack of understanding regarding the responsibility for that security, are common. This leaves the door wide open to breaches.”

Misconfiguration of the cloud is considered to be the highest security threat by 62 percent of IT professionals when they are working with public clouds. (Last year McAfee reported that they had identified over 2000 misconfiguration incidents per month, all of which left enterprise data in a vulnerable state.)

In January this year, meanwhile, it was discovered that cloud security specialists Rubrik had suffered a major security breach after a misconfigured server revealed confidential client contact and configuration data, including data belonging to the NHS and the US’s Department of Homeland Security.

Do You Know What Your Provider’s Shared Responsibility Model Is?

Many cloud service and infrastructure providers operate on what is known as a shared responsibility model. While the specifics of this mutual agreement differ for each company, it is generally considered that the cloud provider is responsible for the security of their own cloud infrastructure, while the customer is in charge of the security of their data in the cloud.

This is the understanding that the provider will manage and control certain elements such as the hosting infrastructure of the cloud and the virtualization layer of the software. Cloud providers are also of course responsible for the actual physical security of the cloud infrastructure.

AWS Shared Responsibility Model

Using AWS as an example, its customers operate under Amazon’s shared responsibility model, in which they are responsible for the configuration and management tasks that accompany services such as Amazon Elastic Compute Cloud and Amazon Virtual Private Cloud.

“If a customer deploys an Amazon EC2 instance, they are responsible for management of the guest operating system (including updates and security patches), any application software or utilities installed by the customer on the instances, and the configuration of the AWS-provided firewall (called a security group) on each instance,” AWS have stated.

In order to be fully secure when using cloud services on a cloud provider’s infrastructure, it is vitally important that IT departments are fully aware of what their key obligations are; systems are only ever secure if they are configured properly.

Security and the cloud will continue to be a battle in which neither side is allowed time to rest, as Check Point comments in their report: “As time passes, threats to the cloud will continue to evolve. Attackers will continue to develop more and more tools for their cloud playground, pushing the limits of the public cloud services. Indeed, as new cloud exploitations emerge, there is no doubt that the next attack is already taking place.”
