If you think the cloud is worry free, you might be on the wrong way. Yesterday, my customer told me that their VM is locked, the database is hijacked, and all the files are encrypted. The hacker requests bitcoin to decrypt the files. It should not happen! My customer said. They blame us as a partner.
Cloud is shared responsibility
Cloud is shared responsibility; it means you can't expect the entire system is secured by your cloud provider. In IaaS, PaaS, and SaaS, they have different story. In my customer case they are using IaaS. It means that they should take care the application, data, runtime, middleware, and operating system. It means they should take care of:
- The operating system patching
- Username and password of middleware
- Updated runtime
- Securing the data and their database by giving multi-layer security
- Updating the application
Choosing the cloud
When you are choosing a cloud, you should take care based on your service. Here is the rule of thumbs.
- The more control you have the less secure it will be so lots of work to secure the cloud. For example, if you have VM you should take care to secure the perimeter and VM like just the on-premises solution
- The more costly the services, the more managed services by the cloud provider. For example, in Office 365 you just take care the end user password and usage only.
- For PaaS and IaaS make sure your solution is up-to-date and great for the cloud. Make sure you update the platform before you lift-and-shift solution