Top 5 Stories


Cloud security is a shared responsibility

26 July 2012

Security in the cloud is the shared responsibility of the cloud provider and the customer, judged Greg Rusu, general manager of PEER 1 Hosting’s public cloud division Zunicore.

The cloud provider needs to provide basic security, such as the physical security of the server and network segregation and security. “So there is a certain amount of responsibility on the part of the provider…to be able to provide cloud services”, Rusu said.

“You also have to provide network center operations to help guard customers against attacks like denial of service or DNS hijacking. The more services that a cloud provider can provide, the better”, he told Infosecurity.

Customers also need to be conscious of security issues related to making content available to the outside world. “The customers have ultimate responsibility for what they want to share, to what extent they want to go to protect the data”, Rusu observed. The data can be stored anywhere from a public website to a back-office system that has to be secure.

“The burden of security lies with both the cloud provider and the customer. No matter how secure the cloud provider makes the infrastructure…if the customer decides to do risky things, all the security we can provide doesn’t help”, Rusu commented. “What we see in practice is that security is a partnership” between the cloud provider and the customer, he added.

“In a nutshell there is a great deal of security awareness that needs to be provided to cloud users”, Rusu said.

In a related development, the Cloud Security Alliance (CSA) is seeking industry input in updating its top threats to cloud computing report, which it first published in March 2010.

In the original report, the CSA identified seven threats to cloud computing: abuse and nefarious use of cloud computing, insecure interfaces and application programming interfaces, malicious insiders, shared technology, data loss or leakage, account or service hijacking, and unknown risk profile.

The alliance said that results of the industry survey on top threats to cloud computing will be published at the CSA EMEA Congress being held in Amsterdam in late September.

This article is featured in:
Cloud Computing  •  Internet and Network Security


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×