Cloud service adoption continues to grow rapidly, especially in APAC. Service providers have been taking an enormous task to provide a strong availability, security and stability infrastructure to maximize the cloud value to their tenants.
However, many organizations often misconception that migrating to the cloud considered transfer all risk and responsibility to the service providers.
Over the years, emerging of Cyberattacks, especially towards cloud hosting providers, are becoming rampant and sophisticated. This triggers an argument and finger-pointing situation between customers and service providers who should be responsible for data loss or breaches.
As an MSP like us, we often called to provide consultation and might step in as a mediator to cover the gaps. However, in the reality, our answers have to be factual by telling the client needs to take some responsibility for how their cloud data is protected, by doing due diligence and risk management. Because they owned the data. Data is one of the most important asset in digital driven business which has to be part of their IT governance regardless of PaaS or SaaS.
AWS (Amazon Web Service) has worked out a clear shared responsibility model between their customers, which can be an outstanding model to follow.
Quoted “AWS (Cloud) responsibility “Security of the Cloud” from the infrastructure provider point of view by ensuring the availability and while customer responsible the “Security in the Cloud” where they should manage the instances based on organization own security policies, control plane and data routing.
Appointed MSP with Cybersecurity services as well played a crucial role in providing security guidance and jointly developing a framework in helping their clients to comply with certain practices, for example, NIST CSF and ISO 27001 requirements that will highly beneficial to all parties.
As part of shared responsibility, cloud providers often provide training to their clients. The more they understand, the lesser the risk severity.
By CW Wang
General Manager, Managed Services