Cloud security failures are almost always the customer’s fault


Gartner predicts that by 2025, 99% of cloud security failures will be the customer’s fault, not the service provider’s. That’s why cloud security posture management (CSPM) is becoming increasingly important, and a clearer understanding of shared responsibility models (SRM) will help to minimize cybersecurity risks to cloud computing.

So says a recent NTT threat report, which advises that as more businesses consume cloud services and scale them across one or more providers, CSPM helps improve threat/risk visibility, reduce complexity, and minimize the risk of breach due to misconfigurations, while providing the means to evaluate and demonstrate the effectiveness of cloud security and data privacy efforts. To fully realize the benefits of CSPM, it’s also fundamental that businesses understand the SRM to demarcate the security duties between cloud providers and the consumers or the application owners.

The report cites Amazon Web Services, Microsoft Azure, Google Cloud Platform and other such cloud service providers (CSPs) as good examples of clearly defining their views on the SRM. There are subtle but critical differences between them all. This enables them to draw a line on how far it is reasonable for them to go to perform basic cloud security functions, and to monitor and ensure compliance, on behalf of their service consumers.

This makes sense, as CSPs can’t control everything users do in their cloud. But likewise, users can’t expect to control security across the CSPs’ servers and networks. The SRM helps to ensure that both parties are aware of the rules and take ownership of securing the resources they control.

The problem is that CSPs tend to understand SRM better than customers do, which is why customers are more likely to be at fault when a breach occurs, says Nicolas Blot, Cloud Security, European Practice Manager, CISM at NTT.

“Clear, understood, and well-defined roles on security are critical to security risk management in any enterprise. Cloud risk management may be even more critical to the success of the business blueprint,” Blot says. “Incorporating a clear understanding of the Shared Responsibility Model will also help ensure that there’s less finger-pointing in the event of a breach. More importantly, it can ensure there is good security in place across the entire threat surface, cloud environment and local data security obligations.”

Full report is here [PDF].
