Cloud technology offers organizations of all sizes and types numerous advantages in terms of scalability, potential resource savings and innovation. As more and more midsize organizations move workloads to the cloud, one might ask, is the cloud safe?

The real dangers of cloud computing are the perceived loss of control, including issues with visibility into the provider environment, and the possible incompatibility of security tools and controls in the cloud.

Shared Responsibility

In the era of cloud computing, more and more companies are using shared responsibility for IT data security. This means that the cloud provider is responsible for some security elements and the organization is responsible for the management elements. Therefore, it is important to agree on who is responsible for what before signing a contract.

The nature of the shared responsibility model will vary depending on the service model used, which can be SaaS, PaaS or IaaS.

For example, in SaaS models, the consumer is only responsible for the data and the provider is responsible for the operating system, application and infrastructure. In PaaS models, the consumer is responsible for the data and probably some of the application components.

In contrast, in the IaaS model, the consumer is responsible for all layers of security in the cloud (also called deployed assets), and the cloud provider is responsible only for the underlying infrastructure.

Thus, no cloud provider will take full responsibility for all cybersecurity measures and requirements. Some security concerns will be borne by the organizations themselves, and they will have a responsibility to know what they can and cannot control in different cloud environments.

Identity and access management

The main task of identity management is to control access to computer resources, applications, data and services. IdM or IAM (Identity and Access Management) systems perform this task.

As a comprehensive solution for user identification in the cloud you can use https://www.observeid.com.

Cloud-based systems can use forms-based authentication to identify users. The organization can either provide user authentication to the cloud service itself or use identity management service providers. The techniques for doing this go by various names, such as "identity authentication" and "identity federation," and include a number of protocols (e.g., SAML, SAML-P, WS-Federation, OAuth). Which technique applies depends on the systems the organization wants to use to authenticate users:

SAML/WS-Fed is typically used for enterprises (e.g., using Microsoft Active Directory).
OAuth is mostly used by consumer-oriented systems (e.g., Facebook, Google, etc.).

Ideally, authentication should support multi-factor authentication for those products with which company users are familiar. Before implementing an IAM/IdM system, make sure that the system supports all types of user devices.

Contact ObserveID for a more in-depth cloud security implementation proposal.