Cloud service providers operate under a model known as “shared responsibility,” where customers of the service provider have varying levels of responsibility and control of security configurations, depending on the cloud service they use and the amount of control that the cloud service provider has abstracted away from their customers.
Users that rely on cloud service providers may have questions that resemble the following:
- What is my total cloud footprint?
- How can I understand and manage the risks inherent in the parts of the Cloud that are within my control?
- How do I ensure my and my vendors’ cloud service providers are holding up their end of the bargain?
- How can I efficiently quantify and report on these risks along with my vendors in a standard manner?
Since organizations use a vast array of different cloud services today, this can often be a challenging topic. Among many others, Amazon Web Services and Microsoft both offer useful guidance on this topic.
The amount of control that might rest with each organization for a given type of cloud service demonstrates the security posture of the corporate control, where no responsibility is shared between the cloud service provider and their customers.
Content Delivery Network
If a company is hosting a website on a Content Delivery Network (CDN), that IP address is typically not included in their IP address map. The domain that‘s hosted there is included in the rating. In many CDN situations, the actual hardware may be used by more than just that one company. Therefore, it wouldn’t be fair to attribute findings that are coming from that IP address to the company.
You or your vendor should consider monitoring the CDN through our platform to be confident that the CDN is managing the infrastructure cleanly.
Feedback
0 comments
Please sign in to leave a comment.