There was a great article by Trevor Jones this week in TechTarget that talked about the cloud world, how its evolving “beyond the shared responsibility model.” We thought a lot of his findings were worth sharing to our audience. Here is a link to his article: Cloud security concerns shift beyond shared-responsibility model.
It isn't that the cloud has evolved beyond the notion of shared responsibility, it's that customers are beginning to understand this model and have less hesitation about leveraging the cloud. For years, the response to security has been to throw everything behind an on-premises firewall. This strategy provided security, but it also masked a multitude of sins. Taking that security away – or rather, moving it into the cloud – has meant IT needs to take a fresh look. In many cases, IT professionals are more comfortable about security in the cloud. Instead of having to tackle security themselves, they can rely on the combination of the cloud provider and the vendors who integrate with the to provide better security than they could on-premises.
“The experience from a vast majority of cloud service providers is greater in sum than the experience you have on your own team and data infrastructure provider,” said Richard Rushing, chief information security officer at Motorola Mobility. There are also more tools and a more transparent approach to cloud data, meaning companies gain a level of data visibility they didn't have when everything was firewalled on-premises. “[Enterprises] want to have these things, and I think probably that was why clouds were so scary to so many people,” Rushing said. “Originally, it didn't have that visibility, but now you can get almost identical visibility that you can get on your local network.”
In fact, vendors like Barracuda provide end-to-end visibility. An array of on controls around logging and identity and access management have given customers more granular control and greater insight into workload security. These access controls have also allowed companies to enforce policies with which they’re already familiar, regardless of where the data and infrastructure resides.
So if the cloud world is moving from one of caution and suspicion to one of pragmatic and objective processes and controls, is security no longer an issue? Hardly – especially as more and more processes and devices, such as IoT, leverage the cloud. “If it's hard to find a security expert that's also an AWS expert, then there are probably zero humans out there that are security experts, plus AWS experts, plus Azure and can explain all of those knobs and services to such a minute detailed view,” according to Sam Bisbee, the CTO at ThreatStack in Boston.
Once again, this puts the spotlight back to vendors and to cloud service providers – many of whom implement Barracuda security products at their customers. Companies like Barracuda are in the security business, and employ those very experts that corporate customers can't find. We leverage Engineering groups who are adept at identifying threats, and at integrating with the many security options already provided in AWS and Azure and Google's GCP, and enhancing security in a way that will bridge those customers' on-premises solutions with the cloud ones to which they're migrating. These customers require granularity and logging and control, yet also want “set it and forget it” security controls that leverage the ability of companies like Barracuda to identify and protect against new threats on a proactive basis.
For more information on our public cloud solutions, visit our corporate site at www.barracuda.com.
Rich is the Product Marketing Manager, Information Management. He's been with Barracuda since the acquisition of C2C Systems in 2014. Rich specializes in storage solutions, information management, and archiving systems. His experience includes extensive work on OEM opportunities and the legal community.
Rich is the Product Marketing Manager, Information Management. He's been with Barracuda since the acquisition of C2C Systems in 2014. Rich specializes in cloud-deployed solutions, information management, and archiving systems. His experience includes extensive work on OEM opportunities and the legal community.
You can email Rich at firstname.lastname@example.org.