… a shared responsibility model.
Cloud service providers are constantly making updates and investments to ensure the security of cloud infrastructure and software, but they’re not on the hook for everything. Cloud providers take responsibility for ensuring the security of their SaaS, IaaS and PaaS offerings. This means keeping them free of vulnerabilities and ensuring the physical security of the hardware. Cloud service providers also provide encryption for data at rest and access-management capabilities. Individual organizations are responsible for securing what’s in the cloud. This is the shared responsibility model.
In an EC2 instance, for example, AWS takes responsibility for its hardware, connectivity and the software running its compute, storage, database and network operations. The customer generally must keep the guest operating system, as well as any application software or utilities, updated and patched, and properly configure the AWS-provided firewall. This means your customers must have policies and solutions in place to prevent data loss, unauthorized access via vulnerable applications and endpoints, and more.
This is why it’s necessary for your SMB customers to be aware of their level of responsibility and understand the most effective security policies and solutions when moving to the cloud. As informed consultants, you can provide information on the types of solutions they will need to secure the cloud, as well as the core capabilities of these solutions, such as integration with on-premises security controls. When advising customers, look for simplified management and visibility combined with the ability to maintain comprehensive, integrated security capabilities. This is especially important as SMB teams generally have fewer resources to devote to security.
Of course, it’s also a digital services opportunity. The key is to make sure customers understand that while the cloud is not inherently unsafe, moving data into Azure or AWS doesn’t mean they can then ignore security.
Jon Bove is the vice president of Americas channels at Fortinet. In this capacity, Bove and his team are responsible for strategizing, promoting and driving the channel sales strategy for partners in the United States as the company seeks to help them build successful – and profitable – security practices.