The Cloud is Shared Responsibility

If you think the cloud is worry free, you might be on the wrong way. Yesterday, my customer told me that their VM is locked, the database is hijacked, and all the files are encrypted. The hacker requests bitcoin to decrypt the files. It should not happen! My customer said. They blame us as a partner.

Cloud is shared responsibility

Cloud is shared responsibility; it means you can't expect the entire system is secured by your cloud provider. In IaaS, PaaS, and SaaS, they have different story. In my customer case they are using IaaS. It means that they should take care the application, data, runtime, middleware, and operating system. It means they should take care of:

  • The operating system patching
  • Username and password of middleware
  • Updated runtime
  • Securing the data and their database by giving multi-layer security
  • Updating the application

Choosing the cloud

When you are choosing a cloud, you should take care based on your service. Here is the rule of thumbs.

  • The more control you have the less secure it will be so lots of work to secure the cloud. For example, if you have VM you should take care to secure the perimeter and VM like just the on-premises solution
  • The more costly the services, the more managed services by the cloud provider. For example, in Office 365 you just take care the end user password and usage only.
  • For PaaS and IaaS make sure your solution is up-to-date and great for the cloud. Make sure you update the platform before you lift-and-shift solution

Add comment

  Country flag

  • Comment
  • Preview

Topics Highlights

About @ridife

This blog will be dedicated to integrate a knowledge between academic and industry need in the Software Engineering, DevOps, Cloud Computing and Microsoft 365 platform. Enjoy this blog and let's get in touch in any social media.


Month List