Cloud & Security – The Top 3 Shared Responsibilities

In a mobile-first environment where all things live on the Cloud, companies around the globe are getting ever closer to optimising their Security strategy. Yet, the reality is – when it comes to compliance – the job is never finished. Ensure you’re getting the most out of your relationship by wholly getting to grips with the top priorities.

Daniel von Büren, Technical Solutions Professional at Microsoft:

“It’s important that the customer has a robust understanding of what responsibilities are in their remit – and what controls they need to fulfil. There’s always more to learn here.”

1. Client & End-Point Protection

It’s all about accountability. Half of that comes from your Content Security Policy (CSP) plus the tools you employ to manage company devices and mobile applications. The rest is down to how you oversee your users.

Despite the ability to overcome many major security challenges, your Mobile Management Solution can’t do it all. Does your latest Bring Your Own Device (BYOD) policy fall short? Have there been any cases of foul play? Protecting your end-point starts with you. Make sure you’re not operating off of rocky foundations.

2. Identity & Access Management

How confidential is your data? Are your employees sharing highly sensitive information by email every day? The answer might be obvious but it’s important that the services you provide mirror it.

While functionality is the responsibility of your Cloud provider – such as Microsoft Azure or Syntaro Otelligence – configuration of the appropriate access controls is solely down to you. For example, the customer has to decide whether a multi-factor authentication infrastructure is required (think SMS tokens and the like) or whether a simple username and password is sufficient.

You hold the key to an effective implementation plan.

3. Application level controls

Good news all round. Web services, analytics, Batch, docDb…platform-managed applications and services like these are increasingly lessening customer responsibilities. Nonetheless, managed applications require extensive company knowhow. How does Syntaro know if our services match your desired state?

Let’s take Azure Web Service as an example. By default, it’s publicly viewable. But does this feature match your company baselines? A CSPs compliance audit reports can be used to compliment a customer deployment, meaning you’re in control when it comes to meeting regulatory obligations.

Curious to learn more about the shared responsibilities that matter to your business? Comment or join the Syntaro community. Or why not purchase a book on the subject? We recommend Microsoft Azure’s latest or Enterprise Mobility Suite.