
Data Security in Cloud Computing: Who’s in Charge?


 

“How secure is my data in the cloud?”

 

That’s been the first question on everyone’s mind since the dawn of cloud computing. Think back even further to the early days of and e-commerce data security. Consumers wanted to keep their sensitive payment data and personally identifiable information (PII) safe, and they were initially reluctant to give up their information, even for the convenience of shopping and banking online. Eventually, people gained peace of mind that their data would be secure, first in on-premises servers and then with data security in cloud computing. That doesn’t mean that incidents don’t happen. But today, people shop at Amazon and store their credit card numbers online without blinking an eye.

 

Data security in cloud computing: The enterprise point of view

Of course, for enterprises, that question is exponentially more critical than it is for a single person, because one enterprise organization can be responsible for the cloud data security of data from millions of customers. Not only that, but companies across industries must comply with regulatory and security requirements or face serious penalties.

 

Today, the cloud is the most powerful and cost-effective place to store and analyze the petabytes of data that enterprise companies collect every day. So it’s only natural that CIOs, CTOs, CSOs, and CDOs focus on cloud security early and often. However, the real question for businesses isn’t, “How secure is my data in the cloud?”, but rather, “Am I using the cloud securely?” 

 

Shared security responsibilities in the cloud

All major cloud providers have cloud security solutions and measures that help safeguard enterprise cloud data. But knowing what security measures your business needs, and the steps you need to follow to keep your business data secure, ultimately still falls to you. For example, you will always need to ensure that data is properly encrypted during every step of the data journey, and that necessary security controls are in place.

 

That said, there are aspects of data cloud security that cloud providers can manage so that your business can outsource some of that responsibility. How much data security management you entrust to a cloud provider depends entirely on the needs and requirements of your business. There are several different security models, some of which give you more control and some of which hand off that control to cloud providers.

 

Enterprise Cloud Security Solutions: This is a diagram of the cloud responsibility scale

Who’s in charge of data cloud security?

Data cloud security solutions and management can depend on three things: your own enterprise team, your data architecture deployment model, and your cloud service model. Which models you choose will slide the security responsibility more toward you, the cloud consumer, or more toward your cloud providers.

 

Enterprise cloud security solutions: This is a diagram of cloud deployment and service models

Deployment models

Generally speaking, deployment models for your typical technology components fall into three buckets.

 

On-premises deployment

How it works

The business intelligence architecture is deployed into an on-premises or hosted environment. It could be a stand-alone client installed on a PC or laptop, or a service installed on an on-premises server.

 

Considerations

On-premises deployment is typically the easiest way to provide access to on-premises data sources, if a product or service also resides on-premises. However, it can have limited scalability and high maintenance costs.

 

Level of security and control

On-premises, you have the most control over the implementation of security controls. This allows you to provision and deploy in a manner consistent with existing internal processes.

 

Cloud deployment

How it works

A product is deployed solely in the cloud, into a particular cloud service model. It can be a legacy product “updated for the cloud” by deploying it to a cloud service model. Or it can be a “cloud-native” product, built to operate only in the cloud.

 

Considerations

Cloud deployment offers a level of redundancy and scale that isn’t tenable in on-premises deployment due to complexity and cost. It doesn’t require the overhead needed to procure or administer hardware, which is inherent to on-premises deployment. But you will need to consider how to provide access to required data sources.

 

Level of security and control

You are ultimately responsible for ensuring that security controls are in place. However, cloud providers can oversee implementation and enforcement of those security controls.

 

Hybrid deployment

How it works

Some components of the architecture are deployed on-premises while others reside in a cloud environment. Cloud components may be hosted in any of the cloud service models. And on-premises may be a client on a PC or laptop, a service on a server, or both.

 

Considerations

A hybrid model can be the best of both worlds in terms of deployment, maintenance, and security. Frequently, on-premises applications access on-premises data sources. However, it’s also important to consider how on-premises and cloud components might communicate.

 

Level of security and control

Each component will have its own relative level of security and control, depending on whether it’s in the cloud or on-premises. A hybrid model allows control over which data resides in which location. But it could also make overall security management more complex.

 

Cloud service models

Cloud service models are the typical ways that consumers access and use cloud resources. There are three primary cloud service models.

 

Infrastructure as a Service (IaaS)

How it works

Uses processing, storage, networks, and other fundamental computing resources available in the cloud to deploy and run software, including operating systems and custom applications.

 

Considerations

A good fit for enterprises that need to quickly provision or scale compute and storage resources. Requires fine-grained control over how those resources are used and configured.

 

Level of security and control

You have lower-level control over operating systems, applications, and storage, and limited control of select networking components.

 

Examples of IaaS:

 

  • Amazon Web Services (EC2/S3)
  • Microsoft Azure (Virtual Machines/Microsoft Azure Blob Storage)
  • Google Compute Engine/Google Cloud Storage

 

Platform as a Service (PaaS)

How it works

You deploy consumer-created or acquired applications onto the cloud using programming languages, libraries, services, and tools supported by the cloud provider.

 

Considerations

Often built on top of IaaS, resulting in two cloud providers to consider. The PaaS product itself typically provides security controls that you can configure to ensure that your enterprise security needs are met around the use of the product.

 

Level of security and control

You have control over the deployed applications and possibly configuration settings for the application-hosting environment. However, security controls can vary greatly, depending on the nature of the PaaS provider.

 

Examples of PaaS:

 

  • Snowflake data warehouse
  • Amazon Redshift
  • Google BigQuery

 

Software as a Service (SaaS)

How it works

You use the cloud provider’s applications, which run on a cloud infrastructure, from various devices. You can access them through either a thin client interface, such as a web browser (for example, web-based email), or a program interface.

 

Considerations

Combines IaaS and PaaS, and involves multiple cloud providers in various roles. Security controls are built into a SaaS application – you have restricted access to the cloud components that comprise the product. 

 

Level of security and control

You have no control of the underlying cloud infrastructure (network, servers, operating systems, storage, individual application capabilities), with the possible exception of limited user-specific application configuration settings.

 

Examples of SaaS:

 

  • Looker
  • Tableau Online
  • Chartio

 

Where does Matillion ETL fit in?

 

Matillion ETL is a cloud-native product that is deployed into an IaaS environment. Unlike SaaS, a cloud-deployed product like Matillion gives you, the cloud consumer, control of your infrastructure. This control enables you to implement and manage your own security controls as required by your corporate standards. 

 

Many legacy ETL solutions, originally designed for and deployed in an on-premises environment, have been updated to work in a cloud environment via a SaaS solution. However, Matillion ETL is a cloud-native solution: purpose-built to take full advantage of the cloud. 

 
