Have your security team members ever made a mistake in the cloud? Human error happens and it can take on many forms. But, none are as serious as failing to understand the way cloud defenses work. 

If a mistake does come to mind, be reassured you’re not alone.

Seven in 10 organizations suffered a public cloud security incident between July 2019 and July 2020, reports Help Net Security. Of those cloud computing security incidents, 66% involved the exposure of cloud-based data as the result of an exploited misconfiguration.

How can you be sure you’re getting the right type and level of protection? Let’s take a look at what you need to know about protecting your cloud security when using the Amazon Web Services (AWS) shared responsibility model.

Why a Cloud Shared Responsibly Model Makes Sense

For many, security goes hand-in-hand with control. One can’t secure something unless one has control over it, the logic goes. It takes a cue from the perimeter-based model. The holder of the data needs to not only own the apps and data but also the base infrastructure itself.

Not so in the cloud. This approach follows the AWS shared responsibility model. In this model, the data holder shares security duties with their cloud service provider (CSP). The latter is always in charge of physically securing the infrastructure. From there, the balance shifts depending on the cloud deployment model in use.

There are a few options when it comes to how to do this. Groups with a software-as-a-service (SaaS) model are solely responsible for the defense of their cloud-based data, for instance. The CSP is at least somewhat on the hook for everything else. In a platform-as-a-service (PaaS) model, organizations need to broaden their duties to focus more on their apps with client and endpoint protection. Lastly, one could use the infrastructure-as-a-service (IaaS) model. Here, customers’ obligations expand even further to share the load for using network controls and securing the host.

This brings us to human error and the AWS shared responsibility model. Most groups dealing with this model don’t understand it. Indeed, an Oracle and KPMG cybersecurity report found just 8% of IT security leaders felt they fully understood the AWS shared security model. Such confusion could lead them to overlook key cloud security functions or AWS shared controls for which they’re at least partially on the hook. It could also result in them doubling up on functions that aren’t theirs to provide, wasting budget and resources.

The Shared Responsibility Model in Action

So, how do you make sure your people understand what they need to do to secure the cloud? A good provider is honest about this potential confusion. For example, in an effort to help make the security balance clearer to its customers, Amazon Web Services published a breakdown of its shared responsibility model on its website.

AWS also partnered with QRadar to deliver free rules and reference sets in order to help customers gain more insight into the cloud. Users can view these and other data points from within the QRadar Console. They don’t have to go looking through piles of alerts in an attempt to understand what’s going on in their cloud networks. This complements AWS’s defense duties without customers needing to look elsewhere for tools, worry about adding third-party products or make cloud defense more complex than it needs to be. They can keep their end of the cloud safe solely through the AWS-QRadar partnership.

Tools as the Answer to Cloud Computing Security Incidents

Human error and misconfigurations can threaten your data in the cloud. That’s even more true when it comes to knowing what exactly you need to secure. In response, consider working with CSPs that are upfront about their shared responsibilities. Remember that sometimes the best solution to human error is the right tools. Using a partnership of solutions such as the AWS shared responsibility model and AWS-QRadar can help to simplify the process of cloud security and give you the insight you need. This will help cut down on misconfigurations in the cloud and keep your assets secure.

More from Cloud Security

How Do You Plan to Celebrate National Computer Security Day?

In October 2022, the world marked the 19th Cybersecurity Awareness Month. October might be over, but employers can still talk about awareness of digital threats. We all have another chance before then: National Computer Security Day. The History of National Computer Security Day The origins of National Computer Security Day trace back to 1988 and the Washington, D.C. chapter of the Association for Computing Machinery’s Special Interest Group on Security, Audit and Control. As noted by National Today, those in…

Why Are Cloud Misconfigurations Still a Major Issue?

Cloud misconfigurations are by far the biggest threat to cloud security, according to the National Security Agency (NSA). The 2022 IBM Security X-Force Cloud Threat Landscape Report found that cloud vulnerabilities have grown a whopping 28% since last year, with a 200% increase in cloud accounts offered on the dark web in the same timeframe. With vulnerabilities on the rise, the catastrophic impact of cloud breaches has made it clear that proper cloud security is of the utmost importance. And…

Charles Henderson’s Cybersecurity Awareness Month Content Roundup

In some parts of the world during October, we have Halloween, which conjures the specter of imagined monsters lurking in the dark. Simultaneously, October is Cybersecurity Awareness Month, which evokes the specter of threats lurking behind our screens. Bombarded with horror stories about data breaches, ransomware, and malware, everyone’s suddenly in the latest cybersecurity trends and data, and the intricacies of their organization’s incident response plan. What does all this fear and uncertainty stem from? It’s the unknowns. Who might…

How an Attacker Can Achieve Persistence in Google Cloud Platform (GCP) with Cloud Shell

IBM Security X-Force Red took a deeper look at the Google Cloud Platform (GCP) and found a potential method an attacker could use to persist in GCP via the Google Cloud Shell. Google Cloud Shell is a service that provides a web-based shell where GCP administrative activities can be performed. A web-based shell is a nice feature because it allows developers and administrators to manage GCP resources without having to install or keep any software locally on their system. From…