What is Cloud Security?

 


Cloud computing is the delivery of computing services over the internet on a pay-as-you-go basis. It provides services including software, storage and processing power. Cloud security is concerned with providing security to these cloud computing environments against cybersecurity threats. It involves technologies, policies, procedures, controls and services that secure cloud data, cloud-based systems and the infrastructure. This protects customers’ privacy as well. Cloud security can be configured according to the needs of the customers. Administration overheads are also reduced as the configurations are happening in one place.


Cloud Security Implementation is a Joint Responsibility

Implementing cloud security is a joint responsibility between the customer and the solution provider. There are responsibilities of the customer, responsibilities of the solution provider and responsibilities which are different according to the service model (Infrastructure as a Service, Platform as a Service or Software as a Service). Responsibilities of the customer include identity and access management of the users, preventing unauthorized access to cloud accounts, protecting cloud-based data etc. while the solution provider is responsible for protecting the infrastructure, configuration of physical hosts and the physical network etc.


Why is Cloud Security Important?

With the advancement of technology, cyber-attacks evolve day by day and cloud computing is also possessing risks. Therefore, it is essential to safeguard resources, data and processes in cloud computing.

Cloud security comes up with a lot of benefits. Let us look into those.

  • Centralized security – Cloud security provides centralized security. In cloud computing, various number of devices and endpoints are involved which makes it difficult to manage. Centralized management improves the quality of traffic analysis and network monitoring which result in a smaller number of software and policy updates. Being centralized enable to implement disaster recovery plans easily.
  • Cost reduction – Dedicated hardware is not needed when utilizing cloud security. Therefore, it reduces capital expenditure and administrative overheads. Cloud security can offer protection without any human intervention.
  • Administration reduction – Manual security configurations and security updates require a lot of resources. When utilizing cloud security, all the security administrations are taking place in a one place and are managed on the customers’ behalf.

  • Reliability – Users can access applications with any device from anywhere they want. Cloud security measures give reliable protection regardless of the devices you use and from where you use those.

  • Convenience – Cloud computing is involved with various technologies and processes which makes it hard to handle with traditional security tools. Therefore, implementing cloud security is convenient.


What are the Challenges?

Same as any other technology, there exists challenges in implementing cloud security too.

  • Increased attack surface – Public cloud environment is very attractive to cybercriminals as they can access cloud data through poorly secured cloud ingress ports.
  • Lack of visibility and tracking – Customers do not have the full control over the infrastructure. Therefore, it has been difficult to identify the cloud assets and quantify them.

  • Change in the requirement of assets – In cloud computing, it is possible to scale assets. However, traditional security tools are not capable in providing security in a flexible way to facilitate these dynamic environments.

  • Compliance – Cloud computing adds a new dimension to regulatory and internal compliance. Therefore, it may be necessary to adhere to regulatory requirements such as HIPAA and PCI and requirements from internal teams and partners. Due to the poor visibility, the compliance audit process can be difficult to handle.

  • Complex environments – It is hard to manage security consistently as tools which are capable of working across public cloud providers, private cloud providers and on-premises deployments are required.

  • Granular privilege and key management – Improperly configured keys and loosely configured user roles possess a lot of risks.

  • Cloud-native breaches – Data breaches in the cloud usually happen using native functions of the cloud. Attack occurs without using malware and data are accessed through weakly configured interfaces. Misconfiguration is the main reason behind cloud-native breaches.


Even though there are lot of challenges in implementing cloud security, organizations have identified the advantages and are moving towards cloud security. This enables to protect applications from data theft, corruption and many more security threats. With the ever-changing technologies, it is not easy to ensure the security of data and the applications. Therefore, having a robust security solution is the possible action we can take and cloud security appears to be the best solution.


Watch this video to see how cloud security works:


References

  • https://www.forcepoint.com/cyber-edu/cloud-security
  • https://www.mcafee.com/enterprise/en-us/security-awareness/cloud.html
  • https://www.checkpoint.com/cyber-hub/cloud-security/what-is-cloud-security
  • https://www.kaspersky.com/resource-center/threats/what-is-cloud-security
  • https://www.zdnet.com/article/what-is-cloud-computing-everything-you-need-to-know-about-the-cloud

Comments

  1. A comprehensive explanation Dulanga..Can you explain me the difference between cloud and the traditional data centers in regards to security?

    ReplyDelete
    Replies
    1. Yes Suranga. Neither traditional or cloud security is completely safe for data breaches. But cloud security gives more reliable solutions through automation compared to traditional security. For an example, automated processes such as AI-based network scanning and emails along with updates can be used to improve cloud security. In traditional data centers, issues such as missed maintenance headlines, human errors and outdated equipment can be caused.

      Delete
  2. Hi Dulanga. Very good article. Can you tell me, service provider wise, which cloud service providers are providing high reliable cloud security?

    ReplyDelete
    Replies
    1. Yes Asenika. Basically, cloud security is the highest priority for AWS. It offers services such as infrastructure security, DDoS mitigation, data encryption, inventory and configuration, monitoring and logging, identity and access control, and penetration testing. Also, it provides 40+ compliance certifications.

      Microsoft Azure also provides advanced security options such as Azure Information Protection, Key Vault, Azure Sentinel etc.

      Also, IBM Cloud, Google cloud, Oracle cloud and Alibaba cloud are also good platforms.

      According to Gartner Magic Quadrant for Cloud Infrastructure as a Service (IaaS), AWS leads all the way as a leader, but Microsoft’s Azure leads as a visionary. Google is third in the race followed by Oracle, Alibaba, and IBM.

      Delete
  3. Great share! Can you explain how can data be secured for a transport in the cloud?

    ReplyDelete
    Replies
    1. When transporting data in the cloud, no one should be able to intercept the data as it moves from one point to another point in the cloud and should not happen any data leaks (malicious or otherwise) from any storage in the cloud.
      VPN is a way to manage data security during its transport. Instead of using a dedicated connectivity, it makes the public network your own private network. A well-designed VPN may include a firewall which acts as a barrier between the public internet and any private network. Also, it should incorporate encryption so that only the computer you send it should have the key to decode data.
      That's the basic idea of securing data in the transport.

      You can read more here: https://www.dummies.com/programming/cloud-computing/how-to-secure-data-for-transport-in-cloud-computing

      Delete
  4. Very Informative blog. Can you please explain how can we secure the data while transferring on the cloud?

    ReplyDelete
    Replies
    1. There are 2 factors that we should ensure when transporting data in the cloud. One is, no one should be able to intercept the data as it moves from one point to another point in the cloud and should not happen any data leaks from any storage in the cloud.
      Data security during its transport can be ensured with a VPN. Instead of using a dedicated connectivity, it makes the public network your own private network. A well-designed VPN may include a firewall which acts as a barrier between the public internet and any private network. Also, it should incorporate encryption so that only the computer you send it should have the key to decode data.
      That's the basic idea of securing data in the transport.

      You can read more here: https://www.dummies.com/programming/cloud-computing/how-to-secure-data-for-transport-in-cloud-computing

      Delete
  5. Informative content Dulanga. Cloud computing is a very useful and essential for organizations. our data are stored in 3rd party. Knowing how to secure our cloud is very essential. you have well explained it.

    ReplyDelete
  6. How does cloud anti-virus and cloud backup fit into a security plan?

    ReplyDelete
    Replies
    1. Cloud anti-virus and cloud backup can be an integral part of the security plan. Automated cloud anti-virus checks can protect data from external threats without you having to run anti-virus software internally. Cloud backups can ensure that you don't suffer a data loss if something goes wrong.

      You can read more here: https://www.probrand.co.uk/it-services/cloud-computing-security

      Delete
  7. I think when using cloud security, the organization have only a limited control over their data and the service providers don't take the full responsibility on any data losses. What's your idea on this?

    ReplyDelete
    Replies
    1. Yes Chamal. The service provider usually has no direct liability for data breaches, but a customer can claim for failing to keep their data secure. Even though a service provider's contract limits liability by default, it’s not clear how successful those contracts would hold up when it’s time to pay a claim. If the service provider is truly negligent, the court may decide that liability caps on contracts don’t apply.

      You can read more here: https://woodruffsawyer.com/cyber-liability/cloud-computing

      Delete
  8. Thanks for sharing such a nice blog. This blog is focus on GCP Cloud Security . Thanking you again for your hardwork.

    ReplyDelete

Post a Comment

Popular posts from this blog

Multi-Access Edge Computing