Moving data storage and processing to the cloud has been a growing trend for several years. As companies realize maintaining expensive computing infrastructure resources are no longer necessary, businesses are considering services like Amazon Web Services (AWS) to handle their infrastructure needs. AWS has several benefits over traditional infrastructure including flexibility for growing companies, availability of resources, enhanced security and much more. Although cloud based infrastructure can provide many benefits, moving processing to the cloud creates new risks and challenges that need to be addressed.
AWS uses a Shared Responsibility Model for the security of data on their systems. Amazon is responsible for protecting the infrastructure and the security of the cloud but customers are responsible for the security of their data in the cloud including applications, network, access, etc. Many people feel that once they move to the cloud, their data is safe and they no longer have to worry about security issues but that simply is not the case. Moving data to the cloud comes with new security challenges that need to be addressed to preserve the confidentiality, integrity and availability of the data stored on the cloud.
At RubinBrown, we guide our clients through the security lifecycle addressing the following key steps:
- Define criticality of what information is in the cloud with AWS.
- Train in utilizing AWS Management Console or AWS API to inventory assets.
- Review accesses and permissions to help maintain confidentiality and, where necessary, privacy.
- Assess against the AWS security audit guide and provide knowledge transfer to your team.
As AWS states: AWS has responsibility for security “of” the cloud, while you, as a user of AWS, has responsibility for security “in” the cloud.
At RubinBrown, we can assist you in the navigation of securing “in” the cloud.
Any federal tax advice contained in this communication (including any attachments): (i) is intended for your use only; (ii) is based on the accuracy and completeness of the facts you have provided us; and (iii) may not be relied upon to avoid penalties.
All Business Advisory News Cyber Security Overview