Today, cloud is an intrinsic part of business strategies focusing on product availability, maintaining uptime, scaling rapidly, and reducing infrastructure capital expenses. However, exponential cloud adoption has also blurred the lines between network and internet, which has caught most companies off-guard, especially those that were overly dependent on network application security.
SANS Institute’s IT Security Spending Trends report shows that most companies still spend more on wireless security and network traffic visibility, which suggests that they still consider their network defenses the best means of protecting their sensitive data even with cloud as a part of their strategy.
On the other hand, the State of Cloud Report highlights that both big and small companies rate ‘Security’ and ‘Compliance’ among their top cloud challenges.
So why is there a gap?
The biggest cause of concern is that most companies assume that cloud service providers offer 360-degree protection for their assets hosted in the cloud infrastructure. While most cloud service providers do offer information security and physical protection of the datacenter, they expect their customers to bear the responsibility for securing their data and applications.
For example, Amazon Web Services (AWS), the world leader in cloud services, has documented its position in a shared responsibility model. According to AWS, “While AWS manages security of the cloud, security in the cloud is the responsibility of the customer. Customers retain control of what security they choose to implement to protect their own content, platform, applications, systems and networks, no differently than they would for applications in an on-site data center.”
Understanding the risks and the shared responsibility model is the first step towards building a highly secure and reliable environment.
As businesses move to modern hosting platforms, they need to look beyond the network security perspective and focus even more on the application layer. Organizations can no longer expect to be building walls around their datacenters to keep attackers at bay when their apps are hosted on the cloud.
As mentioned under the AWS ‘shared responsibility’ model for security of applications in the public cloud, companies should focus on a holistic approach to application security. They should consider tools and services that detect weaknesses in web applications and provide real-time alerts, block hackers from exploiting those weaknesses, monitor traffic and user behavior accessing web applications in the cloud, and automatically remediate those vulnerabilities.
Indusface helps you achieve that on AWS. The Indusface Total Application Security offers automated web vulnerability scanning, penetration testing, protection against OWASP exploits and business logic flaws through custom rules, and 24/7 monitoring of the assets in the cloud.
Founder & Chief Marketing Officer, Indusface
Venky has played multiple roles within Indusface for the past 6 years. Before this, as the CTO @ Indusface, Venky created the product/service offering and technology team from scratch and grew it from ideation to getting initial customers with a proven/validated business model poised for scale. Before joining Indusface, Venky had 10+ years of experience in the security industry and had held various mgmt/leadership roles in Product Development, Professional Services, and Sales @Entrust.