Skip Navigation
Get a Demo
 
 
 
 
 
 
 
 
 

What is cloud security?

As a subset of cybersecurity, cloud security focuses on threat protection for infrastructure, applications, and data in public, private, and hybrid clouds.

What is cloud security?

Major cloud security areas include data visibility, control and loss prevention; identity and access management (IAM); user and device authentication; business continuity/disaster recovery; and governance and regulatory compliance.

Although many traditional cybersecurity issues like advanced persistent threats and data breaches extend to the cloud, some challenges and threats are unique to cloud environments. Countering cloud account hijacking, denial of service (DoS) and distributed DoS attacks, and misconfigured APIs calls for specialized skills and tools.

Another distinctive aspect of cloud security is the shared responsibility model followed by most cloud service providers (CSPs). This model defines which security responsibilities for the cloud computing environment belong to the CSP, and which belong to the customer. At a high level, the CSP is responsible for protecting the cloud and its core infrastructure, while the customer is expected to secure data, workloads, and other assets hosted in the cloud.

Shared responsibilities vary depending on the type of cloud service being delivered, i.e., software-as-a-service (SaaS); platform-as-a-service (PaaS), and infrastructure-as-a-service (IaaS).

The most recent iteration of shared responsibility is called “shared fate.” It aims to create a closer partnership between the CSP and the customer to avoid ambiguities about and gaps in security responsibilities. Essentially, the CSP becomes more proactive in helping customers with security, such as providing secure blueprints, best practices, and guides for workloads.

Why is cloud security important?

Cloud security is a major and growing concern among IT professionals, according to the Cloud Security Alliance – especially as attacks on cloud infrastructure increase. Customers worry about cloud security issues such as complexity, lack of visibility and control, and potential vulnerabilities from shared infrastructure and services.

Encouraging broader adoption of cloud computing and its many business benefits is a fundamental reason why effective cloud security is so important. Here are some others.

  • Protection: Cloud security is essential to protect organizations and their cloud-hosted assets from a variety of current and evolving threats.
  • Risk reduction: Cloud security technologies and expertise are needed to address cloud-specific risks posed by mobile devices, SaaS and web applications, and third-party security exposures.
  • Reliability and trust: Optimizing the reliability of cloud services depends on strong, multi-layer security that is implemented by CSPs. Robust security also builds customer confidence.
  • Remote access: Effective security ensures that remote and mobile users receive safe and protected access to cloud-hosted data and applications.
  • Compliance: Cloud security is necessary to meet regulatory requirements and comply with industry standards regarding factors such as data privacy.
  • Development: Many enterprises develop, test, and run software applications in the cloud, and their developers may deploy software builds to the cloud.
  • Business continuity: Cloud security helps strengthen business continuity and disaster recovery processes by protecting data and applications that are accessed from temporary locations, devices, and systems.
  • Strategy: Finally, cloud security plays an important role in an organization’s overall cybersecurity strategy.

How does cloud security work?

Instead of safeguarding a network perimeter, cloud security protects resources and data individually, using controls, policies and procedures, and technologies including:

  • Access and authentication controls
  • Data encryption
  • Data loss prevention
  • Web application firewalls and network security
  • Endpoint security
  • Mobile device management
  • Monitoring

As we mentioned, cloud security – unlike on-premises security – is divided between provider and customer requirements, based on the shared responsibility model. Providers typically are responsible for cloud infrastructure and physical security (network, servers, storage), and customers are responsible for their data, workloads, devices, and identities. Beyond that, responsibility hinges on the type of service.

For instance, a customer using IaaS might be responsible for identity and access management, application-level controls, application configuration, and operating system and endpoint protection. For SaaS, the customer and provider might share those responsibilities, and the provider would take on security for the application, its OS, and its data storage.

Types of cloud security solutions

Cloud security solutions comprise a variety of tools and technologies aimed at protecting the cloud environment. They target specific cloud risks and threats.

Examples of newer solutions are:

  • Cloud security posture management (CSPM): These tools help automate discovery, monitoring, and remediation of misconfigurations, vulnerabilities, and compliance risks within cloud environments. CSPM is particularly valuable for multi-cloud environments, where it helps improve control plane security.Two emerging tools related to CSPM are SaaS security posture management (SSPM) and data security posture management (DSPM).
    Cloud-native application protection platforms (CNAPP): These solutions complement and extend traditional security processes by providing prevention, detection, and response for containers, Kubernetes services, and serverless functions.
  • Security service edge tools (SSE and SASE): Security service edge solutions extend protection to the edge of the network, close to users and devices. They include cloud access security broker (CASB), zero trust network access, and secure web gateway capabilities. Secure access service edge is broader than SSE: it combines network (e.g., software-defined WAN) and security functions in a single framework.
  • Cloud infrastructure entitlement management (CIEM): These solutions automate management of user access, permissions, and privileges in cloud environments. Some can implement least-privilege access policies.
  • Cloud workload protection platform (CWPP): As its name suggests, CWPP safeguards the integrity, availability, and confidentiality of workloads hosted on various cloud infrastructures like serverless functions, containers and virtual machines.
  • Cloud security information and event management (cloud SIEM): This version of a SIEM system is a cloud-based platform that helps organizations collect, monitor, and analyze data for security purposes. It serves as the consolidation point for all logs and events generated within cloud infrastructure.

Other cloud security solutions include:

  • Identity & access management (IAM): This framework comprises tools, policies, and processes that protect assets across cloud services and platforms. IAM gives organizations control over which cloud-based applications and data users may access.
  • Data loss prevention (DLP): This security strategy aims to protect data and applications in cloud-based systems from cyberattacks, leakage, or misuse.

Cloud security challenges and benefits

While there are many roadblocks to effective cloud security, perhaps the most pressing issue is people – specifically, the ongoing global shortage of cybersecurity professionals. Without enough skilled and experienced cloud security staff, organizations may struggle to understand and meet the security needs of cloud environments, including how to differentiate between CSP and customer responsibilities under the shared model. Adding to the staffing issue is complexity: securing the entire cloud environment, which can include multiple service providers, is placing greater pressure on finite resources.

Another fundamental security challenge is defending the cloud attack surface, which represents the sum of all attack vectors (including people) into the cloud environment. The cloud attack surface is broad and hard to visualize because it comprises known and unknown assets, such as containers, databases, identities, and email. It constantly grows (so-called “cloud sprawl”) and changes as organizations spin up new cloud workloads and develop or add new apps.

In addition to presenting an expansive attack surface, the cloud is a prime target for malicious actors because of all the sensitive data stored there – and because organizations often fail to identify, track, and protect all their cloud assets.

Here are other top cloud security challenges:

  • Limited visibility: IT teams may lack visibility into the organization’s full cloud infrastructure and applications. Multi-cloud environments can make matters worse.
  • Insecure APIs: Application programming interfaces that customers use to interact with cloud services are often exposed to threats. REST APIs, designed to provide access through browsers and mobile apps, are especially vulnerable.
  • Shadow IT: Employees’ unapproved use of cloud resources, such as non-corporate SaaS apps, prevents oversight and protection by IT security teams.
  • Regulatory compliance: Maintaining cloud compliance with data privacy regulations such as the General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), and the Payment Card Industry Data Security Standard (PCI DSS) is a shared responsibility between customers and CSPs that can lead to gaps and misunderstandings.
  • Misconfigured cloud services: Misconfigurations can result in data exposure, unauthorized access, insider threats, and other security issues.
  • Identity-related risks: Prioritizing the management of user and service identities is critical to understanding who can access cloud assets and avoiding overly permissive privileges.

By overcoming these challenges to achieve strong, effective cloud security, organizations can gain multiple benefits, starting with protection of data – the lifeblood of today’s enterprises. Ensuring the confidentiality and integrity of sensitive cloud-hosted data – at rest and in transit – also supports regulatory compliance and auditing.

Cloud security can optimize the availability and performance of critical business assets, such as websites and applications, by protecting against DoS and DDoS attacks and other threats.

Easy scalability of cloud security measures supports business agility and cost control. Cloud-based security allows organizations to expand protections when data volumes or access requirements increase – without substantial hardware investments or major changes to existing systems.

Public cloud vs. private cloud vs. hybrid cloud

What are the differences between these three cloud models, and what are their pros and cons?

Public cloud

Public clouds are managed and operated by third-party service providers like Amazon Web Services (AWS), Google Cloud, and Microsoft Azure. Their offerings range from SaaS, IaaS, PaaS, and FaaS (software-, infrastructure-, platform-, and functions-as-a-service) to virtual desktops, workload and data storage, and software development environments.

Advantages of public clouds include a low cost to entry through pay-as-you-go plans, high reliability due to redundant infrastructure and globally distributed datacenters, easy scalability, and support for business continuity and disaster recovery.

Public cloud drawbacks range from loss of customer control and lack of customization vs. an on-prem environment, to concerns about privacy and security related to multi-tenancy.

Private cloud

A private cloud is a single-tenant cloud environment dedicated to one organization. The cloud can be hosted on the customer’s premises or at a third-party datacenter. Management and operation can be partially or completely outsourced to a service provider or handled by the customer.

Many organizations choose private clouds to better meet rigorous compliance requirements or to protect confidential data vs. a public cloud’s shared access. Freedom to choose and customize infrastructure and software is an advantage. The main drawback of a private cloud is its cost, which is typically higher than using a public cloud service.

Hybrid cloud

Hybrid clouds combine an organization’s on-premises IT resources with public or private cloud services in a single environment with shared management, security, and governance. In contrast, the multi-cloud model uses two or more public cloud services without a private component.

Reasons for choosing the hybrid cloud model include the flexibility to keep certain workloads and data on premises and the remainder in the public cloud, or seamlessly transfer them between locations to meet business needs. Hybrid clouds provide access to advanced public cloud technologies like artificial intelligence (AI), offer greater control and customization than a public cloud, and enable faster and easier scalability than a private cloud.

Integrating private and public components into a hybrid infrastructure can be a big challenge. Also, the complexity of hybrid clouds can make security, access management, and compliance more difficult. Another potential disadvantage is the cost of maintaining an on-prem data center while contracting for public cloud services.

 
 
Back to Top