Developing applications on hyperscaler platforms opens up new perspectives. But is it also safe?
Azure, AWS and Google enable faster time-to-market and greater efficiency through their cloud services. But what is the legal situation regarding the processing of confidential customer data in the cloud, and how can data security be guaranteed? In C-Level magazine, ipt experts Matthias Buchs and Cyrill Rüttimann point out the differences between traditional on-premises and cloud security.
Basically, hyperscalers provide managed services that are shared with other customers. The responsibility for the data cannot be delegated. "If the data is processed with the hyperscaler services, the company itself is responsible for the scope of security measures," the two ipt experts emphasize.
If we assume that the solution being developed consists of a multitude of services, each individual service must contribute to security. This means that more than one service must be available for each security task. If the same task is performed a second time, then when a fault occurs in one service, the second detects and prevents the potential outflow of data.
«The cloud provider is responsible for adhering to best practices regarding the security of its services, but not for the consequences,» the two Associate Partners point out.
The higher the quality of service, the less you have to invest in data security. The services offered should therefore also be examined to determine the effort required to defend against attacks. Hyperscalers are usually better at maintenance and at mitigating security gaps. It is therefore worth checking whether security tasks can be delegated.
When control mechanisms are implemented as executable code and enforced automatically, internal and external requirements are met without blind spots.
By centrally managing important aspects such as identities, authorizations or policies for data authorization, you keep control despite the great autonomy of the development teams. These centrally managed aspects are typically used in a decentralized way by the development teams.
The solution is as secure as the culture of the organization. It is therefore crucial that employees comply with the guidelines and implement the processes accordingly.
Read the entire article by our two associate partners and cloud experts Matthias Buchs and Cyrill Rüttimann from C-Level magazine 2|2020.