QA | 30 November 2016
Cloud services have been around for a number of years and it is gaining in popularity. In fact most businesses are now using some form of cloud. In a recent survey 68% of respondents are using cloud in their IT mix. There are a whole host of benefits including increased efficiency, flexibility and more. The benefits can be huge. Instead of having upfront capital expenditure, businesses can ‘pay-as-you-go’. There are a whole host of other benefits which are discussed in a previous blog.
Although many understand the benefits of cloud, many businesses still have concerns.
QA recently sponsored a Cloud and Infrastructure research paper “Cloud first, Cloud only or Cloud never” which was the result of in-depth interviews with IT and business decision makers, focus group discussions of senior technical employees, a nationwide survey and interviews with key thought leaders and companies.
The research itself was undertaken by Computing, to understand the growth in the market for Cloud and the degree to which the Cloud has grown in importance to data centre and infrastructure. The review contained some unique insights from high-ranking IT decisions makers into the scale of the growth.
One of the key points we took from the paper was security. 45% of those surveyed* had security as a main concern when it comes to Cloud adoption.
With security being one of the biggest concerns, we spoke to AWS, one of the leaders in Cloud services to see what measures they have taken to ensure their platform is secure.
According to the AWS Security Best Practices whitepaper under the AWS shared responsibility model, AWS will provide a global secure infrastructure and foundation compute, storage, networking and database services, as well as higher level services. They also provide a range of security services and features that AWS customers can use to secure their assets.
A customer can build their systems using AWS as the foundation and architect an Information Security Management System
(ISMS) that takes advantage of AWS features. But to design an ISMS in AWS, you must first be familiar with the AWS shared responsibility model, which ensures AWS and customers to work together towards security objectives.
According to an AWS case study with Capital One Rob Alexander, Capital One's chief information officer, says:
"The financial service industry attracts some of the worst cyber criminals. We work closely with AWS to develop a security model, which we believe enables us to operate more securely in the public cloud than we can in our own data centers. Capital One selected AWS for its security model and for the ability to provision infrastructure on the fly, the elasticity to handle purchasing demands at peak times, its high availability, and its pace of innovation”
Information security is ultimately a joint responsibility. AWS provides an extremely secure infrastructure and service ensuring the customer is protected. The customer is responsible for a secure operating system, platform and data. Tod Soderstorm, CTO, NASA JPL says in their AWS case study:
“Based on our experience, I believe that we can be even more secure in the AWS cloud than in our own data centres.”
QA have a comprehensive range of Cloud courses some of which cover security in the Cloud specifically. QA’s training experts have written an Operational Cloud Security course and a Cloud Security Architecture course. These are both non-platform related courses giving an overview of security in the Cloud and overall Cloud security principles.
QA are also the most experienced AWS training partner in the UK, with AWS certified trainers who can deliver the Security Operations on AWS course as well as a full curriculum of Amazon Web Services courses.
*Computing research, Cloud and Infrastructure, Cloud first, Cloud only or Cloud never