Table of Contents
Do not index
Do not index
For many businesses, cloud just ‘happens’. You sign up for Microsoft 365, store various files in Google Drive, or move customer data into an app that “runs in the cloud”. But what does this actually mean, and why is it so important for compliance?
This article will help you understand what cloud computing is, how it relates to your business, and why understanding it is such a crucial aspect of your cybersecurity and compliance.
What is a cloud platform?
There are multiple ways to define a cloud platform, ranging from incredibly simple, to unbelievably complex. We’re going to aim for something that’s easy to understand.
At its core, a cloud platform is the hardware and operating system of a server that is located within a data centre, accessible through the cloud. Cloud platforms provide the foundation for running apps, storing data, and delivering services over the internet, without needing physical infrastructure on your premises.
Some of the biggest names in this space are:
- Amazon Web Services (AWS)
- Microsoft Azure
- Google Cloud Platform (GCP)
Why Businesses Use Cloud Platforms
Cloud platform offer significant advantages for businesses:
- There is no upfront hardware costs – You pay monthly for what you use, rather than spending significant amounts to build your own.
- Scalability – Whether you have 5 or 5,000 users, cloud platforms will deliver the right amount of resources.
- Automatic updates and security – The cloud provider handles any maintenance of the platform, leaving you free to focus on other aspects of the business.
- Remote access – Your team can work from anywhere with an internet connection.
In short, cloud platforms let businesses move fast without worrying about looking after a server in a cupboard.
How does this relate to compliance?
A crucial aspect of using a cloud platform is that your business does not automatically become secure or compliant by using one. This is where the ‘Shared Responsibility Model’ comes into play.
Put simply, the model dictates that the cloud provider (AWS, Microsoft etc.) is responsible for keeping the platform itself secure. This means ensuring that the data centre is properly managed and maintained, the hardware is reviewed and replaced when necessary, and the service is always available (where possible).
The model then goes on to state that it is the responsibility of the user to ensure they themselves are secure when using the platform. Users are responsible for:
- The data stored in the cloud
- Who has access to it (users, admins, third-party apps)
- How it’s configured (e.g. access permissions, public links, security settings)
- The devices people use to connect (laptops, mobiles)
- Enabling basic protections like multi-factor authentication
- Keeping internal systems and endpoints secure
Compliance frameworks, such as ISO 27001, SOC 2, or Cyber Essentials, will require your business to control access to sensitive data, monitor for risks, and protect systems from misuse, which are all responsibilities of the cloud platform user, rather than the provider. It’s vital that you understand what is your responsibility when using cloud platforms, as otherwise your business will fail audits, have an unsecured environment, and potentially suffer a breach as a result.
How OneClickComply can help
At OneClickComply, we help take the complexity out of cloud compliance, especially when it comes to platforms like AWS, Microsoft Azure, and Google Cloud. These platforms offer powerful tools, but under the shared responsibility model, it’s still up to you to configure them securely and meet compliance requirements. That’s where we come in.
Our platform connects directly to your cloud environment, checks for misconfigurations or missing security controls, and allows you to automatically fix any detected issue. This means that your business can stay secure and compliant at all times, without needing to be a cloud or compliance expert. Our platform also continuously monitors your environment, checking for any change or sudden shifts, alerting you when something goes wrong.
