* By Flavio Silva
Security in cloud environments is becoming increasingly important as technology advances in your enterprise. Many companies have misconceptions about cloud environments, their providers and how to protect it all. It is important to know how to separate fact from fiction. In order to clarify several points on the subject, I share the truth about eight common myths about cloud environments.
Myth #1: Cloud providers will take care of data security - companies don't have to worry about that
The Cloud Shared Responsibility Model defines who is responsible for any operational task in the cloud, including security. In infrastructure-level services, such as cloud instances, the company's user assumes the level of the operating system, and therefore, all configuration, maintenance and security is the responsibility of your team.
Myth #2: Cloud providers are a threat to corporate data
Cloud providers provide a secure platform for storing data as an alternative to traditional networks known as on-premises. Any perceived threat results from a misunderstanding about the roles and responsibilities over how data should be managed.
Myth #3: Cloud services are less secure and more difficult to use
Cloud services have different methods of use and protection. They require learning and understanding that it is a different infrastructure than the traditional on-premises model. Being different does not mean that it is more difficult.
Myth #4: Cloud services are more secure and easier to use than on-premises infrastructure
Cloud services provide a secure platform for storing and managing corporate data and information. They may be easier to use, but don't underestimate the company's share of the Shared Responsibility Model.
Myth #5: All corporate data can be moved to the cloud and migration is quick
Cloud security has its own requirements. The concept lift-and-shift it is attractive, but it should not be used without a priority plan. Cloud configuration is a critical task that has no equivalent in the on-premises model. Hybrid or multi-cloud environments still require another security configuration.
Myth #6: Organizations with a single Cloud Solution Provider (CSP) will never be multi-cloud
Even companies with a policy of using only one CSP find changes that make it necessary to use other providers. Many are probably using CSPs that they didn't think they had, which is generally proven in security demos.
Myth #7: Containers and serverless security will be managed by cloud security tools
Containers are not automatically protected by cloud security tools, depending on the design of your model. Serverless also does not mean automatic protection. Do not assume coverage without planning and configuration.
Myth #8: There is no difference in the protection of various types of containers
Each container product has different security issues. Their design differences mean that they may not be spontaneously protected with your current security strategy. This is especially true for more niche products.
* Flavio Silva, Security Specialist and Sales Engineer at Trend Micro Brasil
Notice: The opinion presented in this article is the responsibility of its author and not of ABES - Brazilian Association of Software Companies
EN 
PT 
