The Cloud Security team here at Barracuda have been spending a lot of time with customers and partners, helping with their transitions to their cloud service provider of choice. We’ve been doing a series of roadshows, service provider events and more to help our customers migrate to a safe cloud. And along the way, we’ve discovered three security personas that organizations fall into, when it comes to cloud security.
The first persona is what we like to call the Optimist. The Optimist loves the cloud and cloud service providers – best thing since sliced bread in their opinion. The best thing about the cloud, in their opinion, is the security. The cloud is secure by default! The Cloud service provider takes care of most things, we just need to tune the rules a little bit. No more mucking about with Firewalls or anything. Life is good!
The Pessimist does not believe in the cloud. They want their own pets in their own data center. They know their pets very well. They know that Mjolnir.orgname is a hand-crafted server in Rack “X” in DC “Y”. Mjolnir was sick last week, had to replace a failing hard drive. They also believe that the cloud does not matter – such an overrated concept. Why would I trust someone else’s network and hardware, and give up so much control? “Shared-security Responsibility” …. right /s.
The final security persona is the Realist. They know and understand how the Shared Security Responsibility model works. They are aware of the various security options that the CSP provides – and their limitations. Cloud instances to them are cattle – frontend001.web.uswest2.vpc4 is just one of many instances in an autoscaling cluster. Features like automatic scaling and deployment across multiple availability zones are understood and used to maximal advantage.
As you’ve probably realized by now, the Realist is the best persona for your organization when moving to the cloud. Understanding Shared Security Responsibility is vital, along with a minute understanding of what falls into your cart versus the CSP’s. This is best illustrated by this graphic from Microsoft (and can be applied to any vendor):
Tushar Richabadas is a Product Manager for the Barracuda Web Application Firewall team in our India office. You can connect with him on LinkedIn here.