cloud security
Cloud security, also known as cloud computing security, is the practice of protecting cloud-based data,
applications and infrastructure from cyber attacks and cyber threats.
Cybersecurity, of which cloud security is a subset, has the same goals. Cloud security differs
from traditional cybersecurity in that administrators must secure assets that reside within a
third-party service provider's infrastructure.
Why cloud security is important
As enterprise cloud adoption grows, business-critical applications and data migrate to trusted
third-party cloud service providers (CSPs). Most major CSPs offer standard cybersecurity tools with
monitoring and alerting functions as part of their service offerings, but in-house information technology
(IT) security staff may find these tools do not provide enough coverage, meaning there are
cybersecurity gaps between what is offered in the CSP's tools and what the enterprise requires. This
increases the risk of data theft and loss.
Because no organization or CSP can eliminate all security threats and vulnerabilities, business leaders
must balance the benefits of adopting cloud services with the level of data security risk their
organizations are willing to take.
Putting the right cloud security mechanisms and policies in place is critical to prevent breaches and
data loss, avoid noncompliance and fines, and maintain business continuity (BC).
A major benefit of the cloud is that it centralizes applications and data and centralizes the security of
those applications and data as well. Eliminating the need for dedicated hardware also reduces
organizations' cost and management needs, while increasing reliability, scalability and flexibility.
How cloud security works
Cloud computing operates in three main environments:
1. Public cloud services are hosted by CSPs. These include software as a service (SaaS),
platform as a service (PaaS) and infrastructure as a service (IaaS).
2. Private clouds are hosted by or for a single organization.
3. Hybrid clouds include a mix of public and private clouds.
As a result, cloud security mechanisms take two forms: those supplied by CSPs and those
implemented by customers. It is important to note that handling of security is rarely the complete
responsibility of the CSP or the customer. It is usually a joint effort using a shared responsibility model.
The shared responsibility model
Although not standardized, the shared responsibility model is a framework that outlines which security
tasks are the obligation of the CSP and which are the duty of the customer. Enterprises using cloud
services must be clear which security responsibilities they hand off to their provider(s) and which they
need to handle in-house to ensure they have no gaps in coverage.
Customers should always check with their CSPs to understand what the provider covers and what they
need to do themselves to protect the organization.
Cloud security tools
Many of the same tools used in on-premises environments should be used in the cloud, although
cloud-specific versions of them may exist. These tools and mechanisms include encryption, identity and access management (IAM) and
single sign-on (SSO), data loss prevention (DLP), intrusion prevention and detection systems
(IPSes/IDSes) and public key infrastructure (PKI).
Some cloud-specific tools include the following:
Cloud workload protection platforms (CWPPs). A CWPP is a security
mechanism designed to protect workloads -- for example, VMs, applications or data -- in a
consistent manner.
Cloud access security brokers (CASBs). A CASB is a tool or service that sits between
cloud customers and cloud services to enforce security policies and, as a gatekeeper, add a
layer of security.
Cloud security posture management (CSPM). CSPM is a group of security products and
services that monitor cloud security and compliance issues and aim to combat cloud
misconfigurations, among other features.
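
What a CSPM-style misconfiguration check amounts to, as an added example that is not part of the original page or any vendor's product. The inventory format, field names and rule IDs are assumptions constructed for illustration, not a real CSP API schema.

```python
"""CSPM-style scan over a constructed resource inventory (illustrative only)."""
from ipaddress import ip_network

ADMIN_PORTS = {22, 3389}  # SSH and RDP

# Constructed sample inventory; field names are assumptions, not a CSP API schema.
INVENTORY = [
    {"id": "bucket-logs", "type": "storage", "public": False, "encrypted": True},
    {"id": "bucket-export", "type": "storage", "public": True, "encrypted": False},
    {"id": "fw-web", "type": "firewall",
     "ingress": [{"cidr": "0.0.0.0/0", "port": 443}]},
    {"id": "fw-admin", "type": "firewall",
     "ingress": [{"cidr": "0.0.0.0/0", "port": 22},
                 {"cidr": "10.0.0.0/8", "port": 3389}]},
    {"id": "user-ops", "type": "identity", "mfa": False, "console_access": True},
    {"id": "svc-backup", "type": "identity", "mfa": False, "console_access": False},
]

def open_to_world(cidr):
    """True when the CIDR covers the whole IPv4 or IPv6 address space."""
    return ip_network(cidr, strict=False).prefixlen == 0

def check(resource):
    """Yield (rule_id, message) for each misconfiguration on one resource."""
    kind = resource["type"]
    if kind == "storage":
        if resource.get("public"):
            yield "STG-001", "storage is publicly readable"
        # A missing 'encrypted' field is treated as unencrypted (fail closed).
        if not resource.get("encrypted"):
            yield "STG-002", "encryption at rest is disabled"
    elif kind == "firewall":
        for rule in resource.get("ingress", []):
            if rule["port"] in ADMIN_PORTS and open_to_world(rule["cidr"]):
                yield "NET-001", f"admin port {rule['port']} open to {rule['cidr']}"
    elif kind == "identity":
        # Only interactive (console) users are required to have MFA here.
        if resource.get("console_access") and not resource.get("mfa"):
            yield "IAM-001", "interactive user has no MFA"

def scan(inventory):
    """Return a sorted list of (resource_id, rule_id, message) findings."""
    return sorted((r["id"], rule, msg) for r in inventory for rule, msg in check(r))

if __name__ == "__main__":
    for finding in scan(INVENTORY):
        print(*finding, sep="  ")
```
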
Secure Access Service Edge (SASE) and zero-trust network access (ZTNA) are also emerging as two
popular cloud security models/frameworks.
Security as a service, often shortened to SaaS or SECaaS, is a subset of software as a service. The
Cloud Security Alliance (CSA) defined 10 SECaaS categories:
1. IAM
2. DLP
3. web security
4. email security
5. security assessments
6. intrusion management
7. security information and event management (SIEM)
8. encryption
9. BC/disaster recovery (BCDR)
10. network security
What is Infrastructure Security?
Infrastructure security is the practice of protecting critical systems and assets
against physical and cyber threats. From an IT standpoint, this typically
includes hardware and software assets such as end-user devices, data center
resources, networking systems, and cloud resources.
Benefits of infrastructure security
Enterprises depend on their technology assets to maintain operations, so protecting
technology infrastructure is protecting the organization itself. Proprietary data and
intellectual property (IP) provide many companies significant competitive advantages in
the market, and any loss of or disruption of access to this information can have
profound negative impacts on a company’s profitability.