The Eight Great Cloud Security Fallacies

Transitioning to cloud services introduces a new set of security challenges for DevOps and Security teams, who must first understand that using a cloud service provider does not relieve them of security responsibilities.

Most, if not all, cloud providers apply a shared responsibility model to security. With modern cloud migrations increasingly extending beyond simple Software-as-a-Service platforms to more fully-featured Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) offerings, the degree of responsibility for in-house teams is correspondingly growing.

Unfortunately, many teams still do not fully understand what tools, policies, and practices are most effective in the modern cloud environment. And, attempts to simply apply security frameworks and policies from on-premises to cloud is not a winning approach. Instead, it is imperative for in-house security professionals, from the CISO to SecOps teams and DevSecOps teams, to learn how to build robust and effective cloud-specific security programs.

This whitepaper identifies several common misconceptions about cloud security and discusses their effects on security efforts. It then addresses how IT and security departments can overcome these fallacies to improve their cloud security posture.