Cybercriminals know and exploit the rift between CSPs and enterprises, so the model needs a comprehensive ecosystem approach, argues this expert.
With cybercrime expected to cost US$10.5tn annually by 2025, the criticality of securing data is at a totally new level of magnitude.
While cloud-based digital transformation is revolutionizing the digital economy, the sudden shift to remote-working has put these benefits into sharp scrutiny. The need to fortify businesses has become that much more critical.
A little backgrounder here: For most of the history of the Cloud, enterprises have worked under the ‘shared responsibility’ model for cloud security with clearly-defined security responsibilities for cloud service providers (CSPs) and businesses engaging their services: while CSPs take a large share of cloud security responsibility, more aspects are under the purview of businesses.
- CSPs are in charge of securing the backbone to protect the hardware, software, networking, and data centre facilities.
- The individual businesses need to take care of all other security mandates including protecting endpoints, network traffic, access, applications, procuring security controls, monitoring security incidents, and complying to regulations.
- Most often this leads to enhancing expertise levels as well as adding resource costs which, very often, become an impediment for many enterprises.
- With a growing list of increasingly complex security tasks, and the shortage of cybersecurity talent in the market, enterprises are that much more challenged.
Furthermore, with hybrid working looking to soon replace traditional working models for many, this legacy ‘shared cloud responsibility’ has to evolve to mitigate the risk of cyber threats and the drain on resources that can lead to attacks.
Cybercriminals have long been aware of the responsibility division between CSPs and enterprises, its lacunae and challenges. As a result, they consciously attack infrastructure that is under the businesses’ purview. Hence, businesses must move quick to win the security race to protect themselves. A transformation of the two-party approach of the traditional shared responsibility model helps achieve this.
Evolving the old paradigm
Now, an evolved ‘shared cloud security responsibility’ model has emerged offering a new and more comprehensive approach to cloud management.
Transforming the security ecosystem at scale and speed is imperative and this is coming with the evolution of Managed Security Service Providers’ (MSSP) role in the old model. These MSSPs perform the following roles:
- act as third-party service providers between enterprises and their CSPs to provide strategic direction and support and, effectively oversee various cloud challenges such as end-to-end security, cyber threats, compliance, scalability and skills gap, to name a few.
- support enterprises at every step of their cloud journey from initial assessment and migration, through to day-to-day management including monitoring and governance.
- serve as advocates for enterprises, ensuring cloud strategies are aligned with each business’ priorities and pace along their digital transformation journey. They are constantly monitoring and testing an enterprise’s defenses and shields for a better understanding of probable and possible threat types, in order to prepare risk mitigation strategies and ensure cyber threat protection.
- help enterprises ease the burden of managing in-house cloud security talent and skillsets while availing the best guardrails. For instance, MSSPs can be enlisted to take over the rapid scaling up or down of services—a task that has several complicated challenges such as misconfigurations and inconsistent policy enforcements. With MSSPs helping, enterprises can focus on their core business.
- provide businesses the benefits of orchestration to optimize various functions, along with data response ability and other features that make it easier for enterprises to maintain regulatory compliance.
- reimagining the cloud security framework as a whole, and inspiring the industry to embrace that framework.
An ecosystem approach for greater agility
As enterprises scale their businesses, so too will the volume and complexity of operations increase. This makes continuous and consistent evaluation of cloud infrastructure security a critical need. To achieve this, MSSPs leverage an ecosystem of cloud-native and third-party applications to provide constant and comprehensive security.
The evolved model explained herein is a Comprehensive Responsibility Model that highlights a mindset shift to cloud security and outlines the many areas MSSPs bring expertise to support businesses. These include governance, risk mitigation, compliance, procurement and implementation of comprehensive security.
With these security responsibilities no longer weighing businesses down, a whole new realm of possibilities is opened up for enterprises: they can focus on innovation; deliver better and more secure customer services and capabilities; optimize cost; and reduce worker efforts, to name just a few benefits.
In the landscape of the ‘cloud security shared responsibility’ there will be enterprises attempting to achieve digital transformation by investing large amounts of time and resources to combat increasing cyber threats and manage vital responsivity toll. And there will be the enterprises supported by a modified, comprehensive responsibility model where MSSPs help to ease the pressure to divert resources towards cloud challenges but instead be empowered to focus on employee/user experiences, innovation and business agility.
As we craft the new world, an evolved shared security responsibility is the answer for enterprises to drive collective success of the cybersecurity ecosystem for a better and safer future.