Shared Responsibility with Cloud Service Providers

Published by Jimmy Chin on

Cloud service adoption continues to grow rapidly, especially in APAC. Service providers have been taking an enormous task to provide a strong availability, security and stability infrastructure to maximize the cloud value to their tenants.

However, many organizations often misconception that migrating to the cloud considered transfer all risk and responsibility to the service providers.

IDC Asia Pacific Public Cloud Services to Reach US$165.2 Billion in 2026, according to IDC Forecast - 2022 Sep -F-1

Over the years, emerging of Cyberattacks, especially towards cloud hosting providers, are becoming rampant and sophisticated. This triggers an argument and finger-pointing situation between customers and service providers who should be responsible for data loss or breaches.

As an MSP like us, we often called to provide consultation and might step in as a mediator to cover the gaps. However, in the reality, our answers have to be factual by telling the client needs to take some responsibility for how their cloud data is protected, by doing due diligence and risk management. Because they owned the data. Data is one of the most important asset in digital driven business which has to be part of their IT governance regardless of PaaS or SaaS.

AWS Shared responsibility framework

AWS (Amazon Web Service) has worked out a clear shared responsibility model between their customers, which can be an outstanding model to follow. 

Quoted “AWS (Cloud) responsibility “Security of the Cloud” from the infrastructure provider point of view by ensuring the availability and while customer responsible the “Security in the Cloud” where they should manage the instances based on organization own security policies, control plane and data routing.

Appointed MSP with Cybersecurity services as well played a crucial role in providing security guidance and jointly developing a framework in helping their clients to comply with certain practices, for example, NIST CSF and ISO 27001 requirements that will highly beneficial to all parties.

As part of shared responsibility, cloud providers often provide training to their clients. The more they understand, the lesser the risk severity.

#cybersecurity

#managedservices

#sharedresponsibility

#cloudcomputing

#cloudsecurity

By CW Wang

General Manager, Managed Services

Qloud MSP

Categories: Blog

Related Posts

Next Gen Managed Services Provider
Blog

Improving Business Efficiency with Next-Gen Managed Services Provider (MSP)

Originally established as a business enabler, IT department were meant to offer management greater visibility in making critical decisions by collect and analyse information on various front. But let’s face the reality, many IT departments Read more…

Malaysia Cybersecurity Insights 2024
Blog

Malaysia Cybersecurity Insights 2024

The Malaysian cybersecurity landscape is undergoing rapid transformation, presenting both challenges and opportunities for SMEs and corporates. To ensure business continuity and protect critical assets, staying informed about evolving threats and implementing robust security measures Read more…

benefits of hiring a vCISO
Blog

Top 10 benefits of Hiring A vCISO

As cyber threats become increasingly sophisticated, the role of top-tier security leadership is more crucial than ever. Ever wondered if there’s a way to boost your company’s cybersecurity without breaking the bank? Enter the world Read more…