The cloud isn’t one thing, so securing the Cloud won’t be one thing either.
The industry has settled on a layered framework for understanding, comparing and selecting cloud-based services. Gartner’s model has these high-level layers (with subcategories in each layer):
- Infrastructure as a Service (compute, storage, etc)
- Platform as a Service (middleware-like services such as database, queuing, identity services, etc,)
- Software as a Service (finished applications such as salesforce.com)
- Information/Data as a Service
- Business Process as a Service
- Security and Management as a Service
According to Gartner research, the fastest growing segment of all of these layers is IaaS.
In this research note just published for clients, my colleague, Lydia Leong, and I talk about the security considerations for IaaS services. We provide a framework for looking at the provider’s security capabilities as well as thoughts on strengthening the self-defending capabilities of your workloads.
From the research note:
Ultimately, you are responsible for the security of the workloads and data placed into IaaS. More than with any other layer of cloud-based computing services, organizations have flexibility of security controls with IaaS offerings, as the security and compliance of data and workloads is a combination of the service provider’s capabilities and the security controls placed within the workloads themselves, such as a local firewall and host-based IPS.
If you want the workload you place up in the IaaS provider’s infrastructure (e.g. Amazon’s EC2) to be protected, you’ll need to think about what local host-based security software you might include within the workload. Alternatively, you might use a virtual appliance-based version of a security control that is coupled with the workload and placed into the IaaS provider’s infrastructure. For raw storage, it’s the same thing. If you want the storage encrypted, you’ll need to think about doing that before the information is stored, or by using an agent in the workload you place in the Cloud.
Read Complimentary Relevant Research
Cloud Computing Primer for 2017
Cloud has evolved from a disruption to an expected approach to traditional as well as next-generation IT. Our research helps IT leaders,...
View Relevant Webinars
Making Private and Hybrid Cloud Work
Enterprises are building private clouds, but most of them are struggling because of Day 0 problems in their approach, their goals or...
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.