Application Security – A Shared Responsibility in the Cloud?
The bulk of attacks today are moving up the stack. They may be moving up the stack because app owners aren’t paying attention to their share of security in the cloud.
Since the very beginning, cloud providers have made no secret that security in the cloud is a shared responsibility. The provider agrees to deploy tools and enforce policies across the network, infrastructure, and host systems of their environments. But they place the responsibility for securing applications – from the platform to the protocols to the actual code – on the individual or organization that owns it.
In recent years, cloud providers have delivered application services designed to provide the protections necessary for customers to execute on that responsibility. Application services such as web application and network firewalls are common offerings in cloud marketplaces today. Providers of security-related application services have stepped up, as well, to ensure availability in every major cloud provider. Access control, identity federation, single-sign on, web application firewalls, bot prevention, and DDoS protection are available in every cloud environment – on-premises and off.