How to Help Secure Your Company's Cloud Deployments

Finance
- Capital
  Funding options and ways to build a positive credit history
- Cash flow
  How to optimize money moving into and out of your business
- Accounting
  Information on taxes, recordkeeping and accounting practices
Financing options for businesses

Throughout the life of your business you may need to secure outside funding. Learn about traditional and alternative financing options that can help you achieve your goals.
Strategy & Operations
- Strategy & planning
  Resources for starting, running and growing a business
- Employee management
  Ways to attract and retain the best employees
- Marketing & sales
  How to reach, convert and hold customers
- Security & information management
  Insights to help protect your business from fraud and scams
- Operations
  Trends and tactics on supply chain and logistics
Starting a new business?

Explore tools, resources and special offers that can help lay the foundation for your new business.
Ideas & Analysis
- Featured reports
  Studies on the viewpoints, goals and concerns of business owners
- Industry insights
  Reports and expert analysis on the big picture— and how it impacts your industry
Economic and market brief

Economic and market analysis for business leaders
Business Spotlight

Center for Business Empowerment

Cloud security is a shared responsibility. Your cloud provider protects infrastructure; your organization must maintain strong access management and data controls.
Your policies around identity and privilege management are crucial to maintaining security within cloud environments.
Planning for a breach and developing a cyber incident response plan is required of any business using cloud tools and platforms.

Cloud capabilities have become indispensable to almost every type of business. Hybrid (the use of a private and public cloud services) and multi-cloud (using more than one public cloud service) deployments provide data storage, enable real-time communication and collaboration, link disparate teams and systems and connect new devices to company networks. Cloud deployments can also scale up rapidly, which helps many companies quickly establish new connections and working conditions with partners, customers, internal teams and remote employees.

But these deployments also present significant cybersecurity risk from criminals who continue to exploit unpatched vulnerabilities, digital supply chains and substandard identity management. Cloud misconfigurations, shadow IT and mismanaged access can also result in lost data and compliance violations.

Cloud service providers (CSPs) offer a robust security apparatus around their products and services, but these companies are not solely responsible for secure cloud deployments. As just one example, while most CSPs offer data encryption capabilities, users typically must opt in to access them.

Whether your company uses Software as a Service/SaaS (e.g., email or data storage), Platform as a Service/PaaS (e.g., app building kits) or Infrastructure as a Service/IaaS (e.g., hybrid or multi-cloud architectures), securing your cloud deployments is a shared responsibility between you and your CSP. Specifically, your organization must create policies and controls that protect critical data, account access and the physical security of any device connecting to your cloud.

As a best practice, cloud security should follow many of the same principles that govern the security of on-premises clouds and networks that are the exclusive responsibility of the enterprise. An approach that emphasizes cyber hygiene and granting access and permissions only as needed will help you cover the security basics.

Here are steps your organization can take to improve and maintain security in your cloud deployments:

A diagram of cloud security responsibilities for cloud service providers and customers.

Taking responsibility for cloud security

Determining who is responsible for cloud security — the customer, the cloud vendor or both — varies among cloud models. In general, providers are responsible for safeguarding the infrastructure that runs services in the cloud, while cloud customers must manage access, identity of users and data storage.

For On premises infrastructure, the customer has responsibility for Data, Client endpoints, Account & access management, Application, Operating system, Network and Physical security/hardware resources.

For Infrastructure as a Service, the customer has responsibility for Data, Client endpoints, Account & access management, Application, Operating system resources. The customer and the Cloud service provide share responsibility for Network resources. The Cloud service provider has responsibility for Physical security/hardware resources.

For Platform as a Service, the customer has responsibility for Data, Client endpoints, Account & access management resources. The customer and the Cloud service provide share responsibility for Application and Network resources. The Cloud service provider has responsibility for Operating system and Physical security/hardware resources.

For Software as a Service, the customer has responsibility for Data, Client endpoints and Account & access management resources. The customer and the Cloud service provide share responsibility for Application resources. The Cloud service provider has responsibility for Operating system, Network and Physical security/hardware resources.

Back to Homepage

Explore more

Phishing. Vishing. Smishing. Keeping up with threats from scams, fraud and cyberattacks is difficult. Our resources and insights can help you protect your company and customers.

Important Disclosures and Information

Bank of America, Merrill, their affiliates and advisors do not provide legal, tax or accounting advice. Consult your own legal and/or tax advisors before making any financial decisions. Any informational materials provided are for your discussion or review purposes only. The content on the Center for Business Empowerment (including, without limitations, third party and any Bank of America content) is provided “as is” and carries no express or implied warranties, or promise or guaranty of success. Bank of America does not warrant or guarantee the accuracy, reliability, completeness, usefulness, non-infringement of intellectual property rights, or quality of any content, regardless of who originates that content, and disclaims the same to the extent allowable by law. All third party trademarks, service marks, trade names and logos referenced in this material are the property of their respective owners. Bank of America does not deliver and is not responsible for the products, services or performance of any third party.

Not all materials on the Center for Business Empowerment will be available in Spanish.

Certain links may direct you away from Bank of America to unaffiliated sites. Bank of America has not been involved in the preparation of the content supplied at unaffiliated sites and does not guarantee or assume any responsibility for their content. When you visit these sites, you are agreeing to all of their terms of use, including their privacy and security policies.

Credit cards, credit lines and loans are subject to credit approval and creditworthiness. Some restrictions may apply.

Merrill Lynch, Pierce, Fenner & Smith Incorporated (also referred to as “MLPF&S" or “Merrill") makes available certain investment products sponsored, managed, distributed or provided by companies that are affiliates of Bank of America Corporation (“BofA Corp."). MLPF&S is a registered broker-dealer, registered investment adviser, Member SIPC, and a wholly owned subsidiary of BofA Corp.

Banking products are provided by Bank of America, N.A., and affiliated banks, Members FDIC, and wholly owned subsidiaries of BofA Corp.

“Bank of America” and “BofA Securities” are the marketing names used by the Global Banking and Global Markets division of Bank of America Corporation. Lending, derivatives, other commercial banking activities, and trading in certain financial instruments are performed globally by banking affiliates of Bank of America Corporation, including Bank of America, N.A., Member FDIC. Trading in securities and financial instruments, and strategic advisory, and other investment banking activities, are performed globally by investment banking affiliates of Bank of America Corporation (“Investment Banking Affiliates”), including, in the United States, BofA Securities, Inc., which is a registered broker-dealer and Member of SIPC, and, in other jurisdictions, by locally registered entities. BofA Securities, Inc. is a registered futures commission merchant with the CFTC and a member of the NFA.

Investment products:

Are Not FDIC Insured

Are Not Bank Guaranteed

May Lose Value