As I walked the halls of the massive Boston Convention Center this week for the annual security event, I spoke to a number of vendors and one theme was clear: cloud security is a shared responsibility.
The idea has been around for a while, but it hit home this week as I listened to various security executives talk about it at the event keynote and through the conversations I had during the week.
The cloud vendor is responsible for security at the highest level: it has to make sure that the data centers it runs are kept safe. Between the vendor and the customer, though, there is a grey area. The vendor can protect the data center, but it can't save the customer from leaving an S3 bucket exposed.
No single entity can be responsible for keeping a system safe when user error can leave a system vulnerable to hackers. Every level of the organization needs to communicate with customers and third parties.
It isn't a single vendor's problem when an external event like the Log4j vulnerability or the SolarWinds exploit affects the entire community. Everyone is responsible for it.
Everyone has to communicate when problems pop up, share best practices and pull together as a community in order to prevent or mitigate security events.