Well, in many ways, nothing, really.
Since the advent of “cloud computing” we are certainly considering “security” under a microscope and in a new light. The truth is, though, that security is still just security. Maybe the cloud model has changed the specifics of “who does what” but all the stuff we’ve learned before still applies.
There are some who would have us believe that there is some mystical element to security now that there is the “Cloud”. What about “Hypervisor Security” they say? Yes, I suppose there may be an example or two of a rogue VM jumping into another’s space, but these are almost surely Type II Hypervisors. The reality is that this is extremely unlikely (i.e. probability ~= 0) with Type I Hypervisors used by Cloud Providers. Anyway, what are you going to do? Write your own Hypervisor? I don’t think so.
So where does that leave us?
If you are doing a self-hosted, on-premises Private Cloud then the responsibility is all yours. These are the same responsibilities that you have always had, by the way, as a data center administrator. If you are out-sourcing some or all of your cloud then you are into a shared-responsibility model. By definition “shared” means that you trust someone else to some degree.
So, why should you trust your cloud provider? Surely you could do a better job by yourself, right? Well, maybe, maybe not.
Today most Cloud Providers are certified. That means that they have been able to comply with various standards which are meant to assure us that they can do what they say. If you are a SMB then there is a good chance that your provider will have way more certifications than you would ever care to achieve. If you are an Enterprise then maybe you have this all taken care of on your own.
So, what? Is there a magical formula to security in the cloud? No. When talking about security in the cloud we have to consider all the usual topics: Authentication/Authorization, Encryption, Digital Certificates, etc. These apply equally in or out of the cloud.
Learning Tree International has a number of security courses. Enroll now for an upcoming course at an Ed Center near you! Alternatively you may like to attend the course remotely using our proprietary AnyWare technology.
Either way, I hope to see you soon!