Into the cloud with a clear conscience

Developing applications on hyperscaler platforms opens up new perspectives. But is it also safe?

Azure, AWS and Google enable faster time-to-market and greater efficiency through their cloud services. But what is the legal situation regarding the processing of confidential customer data in the cloud, and how can data security be guaranteed? In C-Level magazine, ipt experts Matthias Buchs and Cyrill Rüttimann point out the differences between traditional on-premises and cloud security.

6 critical cornerstones for the development of applications in the cloud

  1. The management is responsible for customer data

    Hyperscalers essentially provide managed services that are shared with other customers. The responsibility for the data cannot be delegated. "If the data is processed with the Hyperscaler services, the company itself is responsible for the scope of security measures," the two ipt experts emphasize.

  2. Double security through double checking

    If we assume that the solution being developed consists of a multitude of services, each individual service must contribute to security. This means that several services must be available for a security task. When the same task is performed a second time and a fault occurs in one service, the second service detects and prevents the potential outflow of data.

  3. Security can be delegated to the cloud provider

    «The cloud provider is responsible for adhering to best practices regarding the security of its services, but not for the consequences,» the two Associate Partners point out.

    The higher the quality of service, the less you have to invest in data security. The services offered should therefore also be examined to determine the effort required to defend against attacks. Hyperscalers are usually better at maintenance and at mitigating security gaps. It is therefore worth checking whether security tasks can be delegated.

  4. Less risk through automation of governance

    If control mechanisms are implemented automatically in the form of executable code, this ensures that internal and external requirements are met without blind spots.

  5. Central administration makes security manageable

    By centrally managing important aspects such as identities, authorizations or policies for data authorization, you keep control despite the great autonomy of the development teams. What is managed centrally is typically used in a decentralized way by the development teams.

  6. The greatest risk is the human being

    The solution is as secure as the culture of the organization. It is therefore crucial that employees comply with the guidelines and implement the processes accordingly.

«The controlled path to the cloud requires a plan based on organization, culture and technology.»
Matthias Buchs & Cyrill Rüttimann, Associate Partners, ipt

Read the entire article by our two associate partners and cloud experts Matthias Buchs and Cyrill Rüttimann from C-Level magazine 2|2020.