While many businesses have completed their migration to the cloud, some still fear having their sensitive data moved outside of the organization and into a public cloud.
Some argue that systems on-premises are most secure as your data stays within an organization, behind the company firewall. Others claim that leading public clouds are just as secure if not more secure than on-premises infrastructure.
The cloud built on the Amazon Web Services (AWS) platform offers a variety of security tools and support that ensure the security of the cloud and the information in it. AWS follows a shared responsibility model, meaning the cloud provider, in this case AWS, will always be responsible for the security of the cloud, while the consumer is responsible for some elements of the security in the cloud.
XProtect on AWS offers a highly secure cloud deployment alternative to traditional deployment on-premises. In this article we address five key myths associated with public cloud usage and security.
Myth #1: It is not safe to put sensitive personal data in a public cloud.
AWS is responsible for keeping the cloud secure, including the privacy of your data at the layers which they are responsible for. AWS provides multiple options for moving data from on-premises to the cloud. Data transferred to the cloud is secured via TLS encryption for all AWS services. Users can utilize virtual private clouds, which give users complete control over their virtual networking environment, including IP addresses, route tables, and network gateways. These connections are oftentimes more secure than in-house network connections.
Myth #2: I lose ownership and control of my data in the cloud.
With AWS, you control where your data is stored, who can access it, and what resources your organization is consuming at any given moment. Fine-grained identity and access controls combined with continuous monitoring for near real-time security information ensure that the right resources have the right access at all times. AWS allows you to retain control of your data in the cloud, including providing the capability for you to determine which region your data resides in. AWS will also protect your data from unauthorized access for the areas they are responsible for.
Myth #3: With serverless technologies other customers can see my data.
Serverless services are secured following AWS best practices, which provide strong isolation, ensuring code from different AWS accounts always runs in separate EC2 instances. Logging mechanisms also ensure visibility of what is happening within the serverless environment. Customer responsibilities within serverless include securing identity and access into your own serverless applications.
Myth #4: Since the cloud is external to the organization everyone can connect to it.
Users of XProtect on AWS use Secure Cloud connectivity through dedicated (direct connected) lines or VPN connections, where AWS only accepts customer gateways that support the Internet Key Exchange (IKE) protocol. This assures that only authorized users can access the system while enforcing strict connection policies.
Myth #5: AWS employees can access my data.
AWS utilises automation to manage, maintain and scale their cloud offerings. Occasionally, human access is required, but it is governed by robust controls, meaning:
- Employees with physical access to AWS customer assets do not get logical access rights to your data and vice versa.
- The corporate network and services networks are segregated and use separate identity providers.
- Access is logged and governed by use of a VPN, multifactor authentication, and device certificates.
- Employees with administrative access are subjected to an enhanced level of screening.
The cloud can in many cases expedite implementation of controls, such as encryption and auditing, with minimal impact to business processes when compared to traditional infrastructure on-premises. XProtect on AWS allows organisations to rapidly scale their systems to respond to internal and customer demand. Deploying and maintaining a secure system on premises or in the cloud is a joint effort to which Milestone is committed.
On our website you can find our Hardening Guide for more security best practices, as well as free online courses about Milestone cloud deployment.