by Laura Baker, CyberWyoming
Foreword: It is always wonderful to see Wyoming companies altruistically supporting cybersecurity education in Wyoming. Green House Data takes this seriously and I’m happy to pass on their knowledge.
CHEYENNE – Dan Deter, Green House Data’s Security Director spoke on evaluating cloud service providers in terms of security at the October 23rd Wyoming Cybersecurity Symposium.
Technical professionals and business owners often move work systems to the cloud to distribute risk, but there are basic questions to ask to make sure that they have outsourced to a security aware vendor. Deter covered these points and more.
Against common perception, even if a business outsources to the cloud, it is really important to look at the terms and conditions of the contract. Many cloud companies have a limit of liability and the data breach financial responsibility always resides with the data owner explained Deter.
“Business owners often say my IaaS (infrastructure as a service) provider has like 15 certifications, from FedRAMP to ISO, so I’m secure, right?” said Deter. “But those certifications don’t mean what you think they mean. Understanding what certificates your cloud provider has obtained is 1/10th the answer,” he continued.
So what is the answer? Each business owner needs to have a process for identifying which controls your cloud provider owns and managers versus the other 9/10 of the puzzle that the business owner is responsible for.
Deter explained the shared responsibility model for cloud providers. With IaaS (Infrastructure as a Service), the business owner is responsible for their personnel, data, application security, operating system updates, and virtual networks. The only items a cloud provider is responsible for are the virtualization platform and the physical infrastructure.
If you missed the Cybersecurity Symposium, Deter is going to provide the same presentation called Cloud Security Controls: Who is Responsible for What? via a webinar on December 11 at 9 a.m. However, he will also include demonstrations on how to configure a HIPAA compliant cloud environment. Sign up for the webinar at https://register.gotowebinar.com/register/7466991674898810892.
Green House Data is active in other cyber awareness efforts in the Cheyenne area and the state. They participate in the Great Cheyenne Chamber of Commerce’s cybersecurity committee for business where business owners can ask questions about the cloud and other technological issues.
Green House Data also sponsors the nonprofit CyberWyoming whose mission is cybersecurity education and outreach for Wyoming. Recently, this included providing tours of their data center in the Greater Cheyenne Chamber of Commerce Cybersecurity Business Counselor training. The Cybersecurity Business Counselor program walks Cheyenne businesses through a process to create a cyber leader in their office and meet best practices in cybersecurity. The program started when the Chamber and CyberWyoming won a Microsoft grant to fund the classroom and on-the-job training.
“Touring the data center really altered my perception of the cloud and brought it into reality,” said Alexandra Farkas, Cybersecurity Business Counselor at the Greater Cheyenne Chamber of Commerce. “Everyone should get the chance to see how we are all connected, how elaborate the security protocols are, and what an amazing operating system it is.”
Green House Data will provide scheduled, guided tours for K-12 students when requested by the teacher or school district. Students have the chance to learn about energy footprints, why data centers are located in Cheyenne, high security protocols, redundancy, and see what part of the cloud actually looks like.