After years of trepidation, it’s almost become common knowledge for most enterprises that the public cloud is at least as secure (if not far more secure) than their traditional hosting or on-premises infrastructure. While public cloud security concerns have been ameliorated for executives, that doesn’t mean that IT teams can sit back and relax.
If anything, security and IT professionals have to evolve their security practices, protocols, and tool sets for the cloud. While Amazon Web Services (AWS) secures the hardware (server, storage and networks), AWS users are held responsible for the security of their data, applications, operating systems, and the security measures. To that extent, some things remain the same, as common IT security practices such as user access controls, patch management, encryption, and firewall configurations are vital for top-notch security. But additional challenges emerge when new resources are spun up on demand via Lambda or the Elastic Container Service (EC2), as DevOps teams spin up new servers that are out of reach of the IT team. This has forced DevOps teams to include security provisions as an essential part of their code packages, putting the responsibility of security on them. So whenever a dev, test or production instance is created, security isn’t a forgotten part of the equation.
Learn more about security strategies in the cloud on seachcloudcomputing.