You really need a village to keep you safe in the cloud – Meczyki.Net

as i walk Halls of the Huge Boston Convention Center for This Week aws reapplyThe Division’s annual security event, I talked to several vendors, and one theme was clear: Cloud security is really a shared responsibility.

The idea has been around for a while, but it particularly hit home this week as I saw various AWS security executives talking about it during the event’s keynote and upcoming conversations I had during the week. heard through

At a very high level, the first level of responsibility for security rests with the cloud vendor. He has to ensure that the data centers run by him are secure to the extent that it is under his control. Yet, at some point, there is a gray area between the company and the customer. Sure, the vendor can secure the data center, but it cannot protect the customer from exposing the S3 bucket, for whatever reason.

Security is such a complex undertaking that no single entity can be responsible for keeping a system secure, especially when user error at any level can make the system vulnerable to cunning hackers. There should be communication channels at every level of the organization, with customers and with relevant third parties.

When an external event like a Log4J vulnerability or Solarwinds exploit affects the entire community, it is not a single vendor problem. This is everyone’s problem.

The idea is that when problems arise everyone has to communicate, share best practices and pull together as a community to prevent or reduce security incidents.