With businesses and organizations worldwide turning to the cloud for flexible, scalable, cost-effective and agile IT services, there's no better time than now to work on securing your enterprise's cloud computing infrastructure, and understanding the shared responsibility model that comes with adopting cloud services.
"Sticking our heads in the sand and pretending that the cloud is not a trend that is going to affect IT for the next several decades is one of the most dangerous things you can do. The reality is that cloud service providers are going to come into our organizations," says Mike Chapple in this video.
Chapple is the senior director of IT service delivery at the University of Notre Dame, and was previously an information security researcher with the National Security Agency and the U.S. Air Force.
By first understanding which tiers your cloud service providers sit on -- Software as a service (SaaS), platform as a service (PaaS) or infrastructure as a service (IaaS) -- you will be able to evaluate how the weight is divided up between your enterprise and the vendors, in terms of cloud security management. Enterprise users and vendors operating in the shared responsibility model both need to have a clear picture of who is responsible for what. Chapple provides a deeper look into Windows Azure and Amazon Web Services as vendor examples.
Chapple then explains four ways an enterprise can function more effectively in a shared responsibility model. He emphasizes that no matter whose responsibility it is, enterprises should act like they bear the full weight of cloud security management -- after all, it is their data's security on the line. Enterprises should research provider claims, documentation and compliance standards to be certain that they can live up to expectations.
Watch this video to learn more the shared responsibility model in cloud security.