An update on security in the hybrid cloud: Where do we go from here?

Grazed from CloudComputing. Author: David Auslander.

Even in mid-2016, very few who are serious about cloud computing will tell customers that out of the box public cloud services are as secure as their corporate data centres. At the same time no-one would suggest introducing mission critical applications and data into a brand new data centre environment without first planning and implementing proper physical, network, server, and application security controls.

Many organisations distrust moving corporate data and application assets into the public cloud. Loss of control of these assets is the most common reason stated; this is code for loss of control over the security aspects of the environment. To answer this, public cloud providers have developed some form of Shared Security Responsibility model…

For example, Amazon Web Services states that they are responsible for security of the physical plant as well as the separation between accounts or instances, while customers are responsible for building security into the solutions they deploy into their cloud account or instance. In other words, AWS is responsible for the security “of” the cloud and the customer is responsible for security “in” the cloud…

Read more from the source @ http://www.cloudcomputing-news.net/news/2016/may/24/update-security-hybrid-cloud-where-do-we-go-here/