Public cloud is still a hotly debated topic amongst organizations, and take a guess as to why? Security. However, that hasn’t kept businesses from investing heavily in public cloud strategies. Forbes has forecast that by the end of 2020, “67% of enterprise IT infrastructure and software will be cloud-based.” If you’re trying to increase your network scale, realize greater network value or transform to a more dynamic infrastructure, you’re either already in the midst of your journey or at least part of the way there. And with services and assets shared between your on-premises networks and the cloud, it can be a little fuzzy how or what to secure. The public cloud Shared Responsibility model was designed to combat exactly that, and to clearly delineate who is responsible for securing what.
There are two key areas of the Shared Responsibility model:
- “Security of the Cloud”: The cloud vendor is accountable for protecting the infrastructure and the services that make up the cloud, and for ensuring their availability. Cloud infrastructure is composed of the hardware, software, networking, and facilities that run the respective vendor’s cloud services.
- “Security in the Cloud”: You are responsible for your cloud-based assets and their management. Ultimately you design your own unique security strategy and manage your risks for any and all cloud services, assets and data you add in a public cloud. For example, for any compute instances you run, you are responsible for the management of the guest operating system (including updates and security patches), any application software or utilities you install on the instances, and the configuration of the cloud-based firewall on each instance. You are responsible for managing your data (including encryption options), classifying your assets, and using IAM tools to apply the appropriate permissions.
With all the different security offerings available in each of the public cloud providers’ marketplaces, it becomes overwhelming and confusing trying to identify the right tools to help you fulfill your end of the shared responsibility model. To alleviate the confusion and to help you maintain a consistent posture both on premises and in the cloud, a good rule of thumb is to work with a security partner that supports a broad range of cloud providers. Likewise, leveraging the same tools you use to secure your premises-based networks in clouds ensures a faster deployment, reduces misconfigurations and ensures stronger security for all your cloud-based investments.
At Cisco, we do the heavy lifting for you. We offer a comprehensive suite of security solutions for public cloud environments and maintain strong technology partnerships with the leading public cloud providers (AWS, Google Cloud, Azure). This allows you to integrate security seamlessly into your cloud environments, deliver a consistent experience for your users and maintain visibility and control over all your cloud data and assets. The depth and breadth of our solutions ensure your business can safely transition to the cloud while aligning security to the speed of your digital business:
- Cloud security: Cisco Umbrella integrates multiple security services in the cloud including DNS-layer security, firewall, secure web gateway, cloud access security broker, and more to secure internet access. Since DNS is built into the foundation of the internet, security at the DNS-layer can be simple to deploy and highly effective for securing the public cloud. Cisco Umbrella provides DNS-based security that blocks requests to malware, phishing, and botnets before a connection is even established.
- Secure On-prem to Public Cloud: Cisco Next Generation Firewall can bring the advanced capabilities of your firewall into your cloud environment, acting as a gateway and extending your data center security policies into the cloud while remaining compliant. What’s more, you can create a consistent security posture that extends from your on-premises environment to your cloud infrastructure, making the migration to public cloud seamless and painless.
- Cloud Workload Security & Microsegmentation: Your applications are among your most vulnerable assets (read more on app security). Securing application workloads in your cloud using microsegmentation with Cisco Tetration can unleash the potential of your developers and security operations, letting them work in harmony.
- Advanced Threat Detection: What about network flow? Get advanced threat detection in your cloud network with Stealthwatch Cloud.
- Secure Access to your Cloud: Ensure you have secure access to your cloud-based services using Duo multi-factor authentication.
Cisco Services is a true partner in your journey to a shared responsibility model, helping you deploy and manage your security solutions in the cloud. With Cisco you are not alone: you have a trusted partner to bring along on your digital transformation journey and ensure a consistent security posture for your hybrid network.
Awesome post Radhika, great details on a model that most people miss.
Simple and streamlined explanation wrt the myriad Cisco security products…