Digital SecurityTechnology For SMEs

Need for CISOs to Build Threat Modelling in Evolving Cloud Applications

Sharing is caring!

Article by Tejas Sheth, Cloud Security Architect, Trend Micro

“What is my security responsibility in the cloud when I am using IaaS, PaaS and/or Serverless application?” This is one of the most common questions we get asked by companies that are considering moving to the cloud and/or modernize their application with microservice architecture. This is because today the application uses multiple services from single/multiple cloud service provider and each service in the cloud has differently shared security responsibility.

Shared security responsibility in the cloud environment change based on application architecture and type of cloud services it integrates to.

Generally speaking, the cloud service provider, such as AWS or Azure, takes care of the infrastructure and security of the cloud. The customer, on the other hand, is responsible for securing everything in the cloud.

This shared responsibility model gives businesses the ownership and control of their data, applications, and operating system, just like in the on-premise environment. But not all cloud services provide the same type of controls on the operating system platform. It means that companies that are using PaaS, and containerized application have different security responsibility than companies using pure IaaS and/or Serverless applications.

The companies may find themselves confronted by different security challenges as they move through different stages of cloud adoption. Therefore, it is important for CISOs and solution architects to create threat modelling for the evolving application architecture in the cloud.

Faiz Askari

Faiz is a mediapreneur specialised in Small Business and Technology domain.

Related Articles

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button
%d bloggers like this: