Evolution of shared responsibility model: An ecosystem approach enables greater cloud agility and security for enterprises
October 2021 by Srinivasan CR, Chief Digital Officer, Tata Communications
Cybersecurity is topmost in business leaders minds the world over, more so in the new paradigm we are in today. Popularity of cloud services is revolutionising the digital economy with flexibility, scalability, and reduced operational costs for businesses. However, the sudden shift to remote working put these benefits into sharp scrutiny.
The business burden of the shared responsibility model
An evolved shared cloud responsibility model has emerged offering a new and more comprehensive approach to cloud management. For most of cloud’s history, enterprises have worked under the shared cloud responsibility model with clearly defined security responsibilities for cloud service providers (CSP) and businesses engaging their services. While CSPs take a large share of cloud security responsibility, more aspects are under the purview of businesses. CSPs are in charge of securing the backbone to protect the hardware, software, networking, and data centre facilities. The individual businesses need to take care of all other security mandates including protecting endpoints, network traffic, access, applications, procuring security controls, monitoring security incidents, and complying to regulations. Most often this leads to enhancing expertise levels as well as adding resource costs which, very often, becomes an impediment for many enterprises.
With a growing list of increasingly complex security tasks, a shortage of cybersecurity talent availability in the market, enterprises are that much more challenged. And, with hybrid working looking to soon replace traditional working models for many, evolution of this approach is critical to mitigate the risk of cyberthreats and drain on resources to prevent attacks. Cybercriminals have long been aware of the responsibility division between CSPs and enterprises, its lacunae and challenges. As a result, they consciously attack an enterprise’s infrastructure which comes under the businesses’ purview. Hence, businesses must move quick to win the security race to protect themselves. A transformation of the two-party approach of the traditional shared responsibility model helps achieve this.
An evolved shared cloud security responsibility
Transforming the security ecosystem at scale and speed is imperative and this is coming with the evolution of Managed Security Service Providers (MSSP) role in the cloud security shared responsibility model. They act as third-party service providers between enterprises and their CSPs to provide strategic direction and support and, effectively overcome various cloud challenges such as end-to-end security, cyber threats, compliance, scalability and skills gap, to name a few. MSSPs support enterprises at every step of their cloud journey from initial assessments and migration, through to day-to-day management including monitoring and governance. MSSPs are advocates for enterprises, ensuring cloud strategies are aligned with the business’ priorities and pace along their digital transformation journey. They are constantly monitoring and testing an enterprise’s defences and shields for better understanding its probable and possible threat types, prepare risk mitigation strategies and ensure cyberthreat protection. A shared cloud security model helps enterprises ease the burden of managing in-house cloud security talent and skillsets while availing the best guardrails. For instance, MSSPs can be enlisted to take over the rapid scaling up or down of services – a task that has several complicated challenges such as misconfigurations and inconsistent policy enforcements. This allows enterprises to focus on its core business – employees, customers and future of their enterprise with peace of mind and agility.
An ecosystem approach for greater agility
As enterprises’ businesses scale, so also, the volume and complexity of its operations increases. This makes cloud infrastructure security a critical need of business success and growth making a case for continuous and consistent evaluation. To achieve this, MSSPs leverage an ecosystem of cloud native and third-party applications to provide constant and comprehensive security. MSSPs also provide businesses benefits of orchestration that helps them optimise various functions, along with data response ability and other features that make it easier for enterprises to maintain regulatory compliance. We see MSSPs reimagining the cloud security framework as a whole and inspiring the industry to embrace it. The Comprehensive Responsibility Model highlights a mindset shift to cloud security and outlines the many areas MSSPs bring expertise to support businesses. These include governance, risk mitigation, compliance, procurement and implementation of comprehensive security.
With these security responsibilities no longer weighing businesses down, it opens a whole new realm of possibilities for enterprises. This added support gives businesses more time and expertise to focus on digitising their innovation, delivering better and more secure customer services and capabilities, optimising cost, and reducing worker efforts, to name just a few.
The future of the new evolved cloud security shared responsibility is going to harbour new businesses. On one side, there will be enterprises attempting to achieve digital transformation by investing large amounts of time and resources to combat increasing cyberthreats and manage vital responsivity toll. On the other side, there will be businesses supported by MSSPs under a modified, comprehensive responsibility model, that will ease pressure to divert resources towards cloud challenges enabling improvements in employee and user experiences, whilst optimising operations. As we craft the new world, shared security responsibility is the answer for enterprises to drive collective success of the cybersecurity ecosystem for a better and safer future.