Cloud computing is not a new technology, but a new way of taking advantage of computing services and resources. Cloud computing arose from the need to democratize technology and allow companies with fewer resources to access technology that previously used to be available only to large companies. It also allowed for payment to be made for its use on demand, opting for the creation of more flexible, fast, and secure business models.
One of the barriers to massive implementation of cloud computing has been security, since the general perception is that information protection is virtually in the hands of the service provider. This myth has been dispelled with the range of cloud computing models available: private and public clouds. A multi-cloud environment, a combination of both models, is one of the most widely implemented due to its positive relationship between security and performance.
Although the migration of companies to cloud environments brings with it opportunities to use capacities and speeds not available inhouse, we must look back to see the risks associated with both the use of technologies and the people who control them. Having visibility of these risks and controlling them generates trust; in other words, applying security allows companies to build digital trust.
Several aspects must be evaluated to build digital trust when adopting any of the available cloud computing models:
Shared security responsibility model: This determines responsibilities for both the provider and the company. In this new digital environment, it is valuable for the provider to have security certifications related to its cloud services.
Security architecture: Security technologies are most effective when considered from the beginning of a company’s architecture, infrastructure, or processes. It is less expensive to implement security at the end of the cycle.
Visibility: Cloud environments include a variety of applications and modules with different characteristics. Therefore, it is advisable to have a map of information assets and their dependence on the contracted cloud environment.
There is comfort and availability when implementing security in cloud environments. This can be achieved without greater complexities and investments in systems and architectures that allow management of the complete cycle of identities and access control, as well as updates and patching, Zero Trust solutions, threat monitoring, and response to incidents, to mention a few.
The main conclusion is that, from a security point of view, economies of scale and flexibility in the cloud are both favorable and effective elements. Massive concentrations of resources and data are a more attractive target for attackers, but cloud-based defenses can be more robust, scalable, and cost effective.