Cloud Computing , Compliance , Technology

Cloud Infrastructure Security: Who's Responsible?

Kevin Flynn of Skybox Security Discusses Critical Cloud Data Protection Issues
Kevin Flynn, global director of products, Skybox Security

Even though contract terms are "in black and white," it's critical for entities to remember that major infrastructure cloud services providers, such as Amazon and Microsoft, have a very limited responsibility for their customers' data security, says Kevin Flynn of Skybox Security.

See Also: How to Scale Your Vendor Risk Management Program

Generally, infrastructure cloud services vendors "lay out the physical location, the basic networking, the fact that [systems] will stay up and running" as their responsibility, he says. "If you look at what they state, the information on the applications, customer data, the operating systems, the authentication processes are all the users' or the customers' responsibility, he says.

In fact, some research has found that "95 percent of security incidents that occur in the cloud environment are the responsibility, or fault of the customer," he notes.

In the video interview at Information Security Media Group's recent Fraud and Breach Summit in Toronto, Flynn, who was a featured speaker, also discusses:

  • Common mistakes entities make related to cloud infrastructure security;
  • The importance of "tagging" information based on geography and criticality;
  • The potential impact of upcoming GDPR regulations on cloud-based data.

Flynn is global director of products at Skybox Security. Previously, he was director of product marketing at Blue Coat Systems. He has more than 25 years of experience in high tech and has been involved in cybersecurity technologies for more than a decade.


About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity

Marianne Kolbasuk McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site, and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network