Cloud security: an identity problem

Metal chains in front of sky with white clouds

The cloud is now a secure way to secure data and run applications. Or it should be. Cloud service providers, especially the “hyperscalers”, now have robust security in place. And their security measures are typically more advanced than those of most businesses.

But that security is there, first and foremost, to protect the cloud provider’s own business, securing their systems against cyber attack or outages. They are not, for the most part, protecting users’ data. The “shared responsibility model” means that cloud customers are responsible for their data and applications.

So IT and security teams need to make sure their cloud environments are set up correctly, and use the security tools on offer. This includes controlling who can access cloud systems. In turn, this requires a robust approach to identity and access management.

The problem, as our guest this week identifies, is that senior managers fail to understand that point, and expect the cloud to fix everything.

It won’t, and asĀ Jennifer Cox, member of the global engineering team at Tenable, and director for Ireland of Women in Cybersecurity, warns “it always makes me a bit nervous when people think that something is foolproof”.

Image by Willfried Wende from Pixabay