Cloud Security , Next-Generation Technologies & Secure Development , Standards, Regulations & Compliance
Cloud Infrastructure Security: Who's Responsible?Kevin Flynn of Skybox Security Discusses Critical Cloud Data Protection Issues
Even though contract terms are "in black and white," it's critical for entities to remember that major infrastructure cloud services providers, such as Amazon and Microsoft, have a very limited responsibility for their customers' data security, says Kevin Flynn of Skybox Security.
See Also: Live Webinar | Education Cybersecurity Best Practices: Devices, Ransomware, Budgets and Resources
Generally, infrastructure cloud services vendors "lay out the physical location, the basic networking, the fact that [systems] will stay up and running" as their responsibility, he says. "If you look at what they state, the information on the applications, customer data, the operating systems, the authentication processes are all the users' or the customers' responsibility, he says.
In fact, some research has found that "95 percent of security incidents that occur in the cloud environment are the responsibility, or fault of the customer," he notes.
In the video interview at Information Security Media Group's recent Fraud and Breach Summit in Toronto, Flynn, who was a featured speaker, also discusses:
- Common mistakes entities make related to cloud infrastructure security;
- The importance of "tagging" information based on geography and criticality;
- The potential impact of upcoming GDPR regulations on cloud-based data.
Flynn is global director of products at Skybox Security. Previously, he was director of product marketing at Blue Coat Systems. He has more than 25 years of experience in high tech and has been involved in cybersecurity technologies for more than a decade.