wonderfully unique software solutions

Threat prevention and users must work in balance: Stormshield

Security cannot be just the responsibility of technology vendors if organisations want to stay ahead of advanced persistent threats to cloud computing, according to endpoint and firewalling specialist Stormshield.

Matthieu Bonenfant, chief marketing officer at Stormshield, has warned that users also have a role to play as cloud services continue to advance — implying that for best results, a balancing of roles may be required.

“Outsourcing in the cloud does not work on any sort of ‘click and forget’ basis: customers need to remain alert and take on several safety responsibilities, or else serious incidents may occur,” Bonenfant says.

He notes that an increased need for online services during the pandemic has cemented the public cloud as a key tool when transforming business operations. However, as organisations move data and applications to the cloud, they also create a larger attack surface.

“Like it or not, the cloud does not offer the option of completely outsourcing the security of migrated IT assets,” Bonenfant says.

“The trust that we bring to our cloud environment must operate at all levels, from outsourced service providers to security applications and solutions managed directly by the customer.”

And when it comes to who secures what in the cloud, there is no single answer, he warns — not least because cybersecurity providers themselves can be attacked.

“It all depends on the model offered by the cloud provider. This is why the company needs to understand what its supplier is responsible for in terms of security, and what it is required to secure itself,” Bonenfant says.

With IaaS, the cloud provider is responsible only for the physical infrastructure underlying the cloud and its security — leaving the customer in charge of security at all other levels, he says.

PaaS adds virtual infrastructure security to the responsibilities of the provider, with the customer taking care of identities and data.

“Finally, in a SaaS model, the bulk of the responsibility for security rests with the supplier; however, the customer must always keep control over identities and their own data,” Bonenfant explains.

Customers should talk to every supplier about which other security responsibilities they have, in line with contract terms — especially when it comes to hybrid or multi-cloud strategies, he says.

According to the UK’s Department for Digital, Culture, Media and Sport, cybersecurity breaches remain a serious threat to all types of businesses and charities.

“Among those identifying breaches or attacks, their frequency is undiminished, and phishing remains the most common threat vector,” it said in its 2021 cybersecurity breaches survey.

“Four in ten businesses (39%) and a quarter of charities (26%) report having cybersecurity

breaches or attacks in the last 12 months.”

Click here to read his full blog post.

( Photo by Edu Lauton on Unsplash )

Recent Articles

Cross-browser testing provider BrowserStack named Microsoft ‘partner of choice’

Software testing platform provider BrowserStack has announced a strategic partnership with Microsoft to support Visual Studio App Center users transitioning to BrowserStack...

JetBrains rolls out full-line code completion for its IDEs

Developer tools company JetBrains has added to its AI-enablement tools with full-line code completion for its integrated development environments (IDEs), separate to...

OpenText renews X12 supply-chain data standards partnership

Enterprise information management (EIM) software vendor OpenText is renewing its partner licensing agreement with the X12 electronic data interchange (EDI) standards organisation.

LiveAction NPM performance extended for Cisco unified server users

Network intelligence from vendor LiveAction has been certified to work with high performance Cisco servers, increasing availability of its packet data and...

CoSoSys endpoint DLP helps protect NHS ambulance services

Endpoint Protector by CoSoSys was deployed to control removable devices and enforce endpoint encryption wherever some 4000 staff at NHS South East...

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here

Weirdware monthly - Get the latest news in your inbox