Cloud Security and Remote Work

Shared Responsibility Model in the Cloud

In the cloud, security is a shared responsibility: the provider is responsible for the security of the "cloud" (physical data centers, hypervisors, network infrastructure). The client is responsible for security "in the cloud": configuring services, data, access, applications.

The main mistake: believing that AWS/Azure "do everything for us." The biggest cloud leaks are the result of incorrect client configuration (for example, an open S3 bucket).

Key Cloud Security Risks

Misconfiguration: accidentally opening public access to data. Capital One (2019): $150 million fine due to incorrect AWS IAM configuration.

Excessive privileges: every service and user should have only the minimum necessary rights (IAM policies).

Insufficient monitoring: it is harder to track activity in the cloud. Cloud Security Posture Management (CSPM) — automated configuration monitoring.

Shadow IT: employees use unauthorized cloud services (personal Dropbox for work documents).

Security During Remote Work

COVID-19 moved millions of employees home. The security perimeter disappeared: data is now on home laptops, through home routers.

ZTNA (Zero Trust Network Access): replaces VPN. Access to specific applications (rather than the whole network) through continuous verification of the user and device.

MDM (Mobile Device Management): management of corporate devices — remote blocking/wiping, enforced encryption, application management.

BYOD (Bring Your Own Device): policies on using personal devices for work. Containerization: corporate data is in an encrypted "container" on a personal phone.

Practical Assignment

The company (100 people, 70% remote) migrated to AWS. Conduct a basic audit of cloud security: (1) Is MFA enabled for all IAM accounts? (2) Are there publicly accessible S3 buckets? (3) Is CloudTrail (logging of all actions) configured? (4) How do employees connect to corporate resources? Suggest three top-priority improvements.