JUSTFORTHESHELLOFIT

Security Responsibilities that are a Bit Cloudy

When it comes to securing data in a cloud environment, the responsibility for security can be a bit cloudy. While cloud providers do clearly state who is responsible depending on the level of service, ultimately the responsibility should be shared by all parties involved. Whether data is in storage, in transfer, or in process, its security should be managed with a holistic approach, with the understanding that safeguarding sensitive data is a primary function, not a secondary afterthought.

Recently, in a conversation with AWS-certified Bruce Elgort, the view emerged that using the auditing tools provided by Amazon is sufficient. This train of thought puts the responsibility on the team configuring the S3 buckets, shifting responsibility for risk away from the vendor. A point was raised in response, indicating that it may be the governing body's responsibility to safeguard the data of its citizens.

Looking at the bigger picture, many different parties share different parts of the responsibilities being discussed here. In cybersecurity it is well known that compliance drives spending for regulatory controls; however, compliance and security do not necessarily come as a pair, and carrying out one does not mean the other has been achieved. Ultimately, the sector of business dictates what compliance standards are applied. Is it possible that more regulation is needed for cloud vendors?

One thought on “Security Responsibilities that are a Bit Cloudy”

  1. My, how my opinions have changed over the past quarter+ century. Back when I was in college (the first time) – before the internet was the ‘internet’ – my mantra was “free as in beer, open source”, and zero-regulation internet (free speech, free commerce). Today, a lifetime later, a career later, and back in college again, I find my mantras have changed. Instead of open source for everyone, everywhere, all the time, I have backtracked to a firm belief that copyrighted, private software has an equally valuable place in industry as well as personal. And with regard to a deregulated internet, I have stepped back from that also. Some form of regulation is needed. I don’t know what that should look like. But hopefully, people much smarter than myself will come together soon, to figure it out.

    For now, I remain optimistic…
