Cloud security is the practice of protecting cloud-based data, applications and infrastructure from unauthorized access, cyberattacks and internal and external threats. It includes securing cloud environments against distributed denial of service (DDoS) attacks, hackers, malware and other risks.
Seeking to boost collaboration and innovation, more and more businesses are putting critical applications and data in the cloud. The advantages of moving operations to the cloud include rapid deployment, flexibility, low up-front costs and scalability. While most cloud service providers use standard tools to monitor usage and flag suspicious activity, in-house IT security experts may find those tools lacking. In-house teams also typically have the burden of configuring and managing security for cloud workloads. When moving assets to the cloud, each organization must weigh the benefits and risks—including increased data and application exposure.
Cloud security is designed to protect data and applications that reside in the cloud; support regulatory compliance; and protect customer privacy. From authenticating access for individuals and devices to balancing ease of access with organizational security, cloud security must fit the particular needs of each organization. Businesses will benefit from working with trusted advisors to get help managing these factors and to maximize ROI. Cloud security vendors can help businesses centrally configure and manage cloud workloads, reducing overhead and freeing IT teams to focus on other areas of the business.
Responsibility for cloud security is shared by cloud providers and customers. The shared responsibility model divides responsibilities into three categories: responsibilities that are always the provider’s, those that are always the customer’s, and those that vary depending on service model, such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS) or Software as a Service (SaaS).
Providers (like Amazon, Google, Microsoft or Oracle) are responsible for safeguarding the infrastructure—including physical access to, patching of and configuration of the physical network and hardware on which compute and storage resources run.
Clients are responsible for managing users and user access privileges (including identity and access management), safeguarding cloud accounts from unauthorized access, encryption and protection of cloud-based data assets, managing cloud security posture (compliance), and detecting threats as well as responding to incidents in their cloud environments.
Many traditional cybersecurity challenges also arise in the cloud, including:
- Cyberattacks. Cloud-based infrastructures are directly reachable from the public internet and are often misconfigured, leaving them exposed. Many contain sensitive or valuable data—making cloud deployments a popular (and profitable) target of cybercriminals.
- Unauthorized access. Unlike on-premises infrastructure, cloud-based deployments live beyond an organization’s network perimeter, making them far easier to access from the public internet. This makes them convenient for employees and customers—but also easier for cybercriminals to access.
- Account hijacking. Weak or reused passwords exacerbate the impact of hijacking, phishing and data breaches, making it possible for an attacker to unlock multiple accounts with a single stolen employee password.
- Lower visibility. Cloud-based resources run on third-party infrastructure, limiting an organization’s ability to monitor and protect them, and slowing threat detection and response. IT teams should ask cloud vendors for visibility into as much “as-a-service” application data as possible to inform their security operations.
- Data loss or leakage. Cloud-based environments make it easy to share data—and harder to keep it secure. Making information accessible to anyone with a link can open the door to data loss or leakage.
- Malicious insiders. In the cloud, many traditional security solutions are less effective at detecting malicious insider threats.
- DoS attacks. Denial of service attacks—which are frequently paired with ransom requests—can slow or shut down targeted systems, creating a major impact on daily operations, critical business systems or customer-facing applications.
- Data privacy and confidentiality. Data protection regulations including the EU’s General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), and the Payment Card Industry Data Security Standard (PCI DSS) apply to data stored in the cloud, though many organizations lack the means to secure employee access to this data.
The best solution for cloud security depends on data type and sensitivity, number and type of users, cloud architecture, and availability of built-in tools. Some best practices:
- Control access and use. Use granular, policy-based identity and access management (IAM). Grant the minimum access privileges to assets and APIs. Use two-factor authentication (2FA) or multi-factor authentication (MFA) to verify user identity. Log and monitor all data access and updates. Embrace a zero trust security stance to constantly verify all users, resources and applications.
- Detect threats as they happen. Use rules, alerting and threat intelligence to detect and remediate known and unknown threats in real time, by cross-referencing internal data (asset and configuration management systems, vulnerability scans) against external data (public threat intelligence feeds, geolocation).
- Enhance data protection. Encrypt data at rest, in use and in transit. Secure file shares and communication. Use security information and event management (SIEM) and extended detection and response (XDR) tools to analyze and report on authentication, event, performance and data usage and anomalies. Maintain good data storage practices, including detecting misconfigured buckets and terminating orphan resources.
- Safeguard applications with firewalls. Use cloud edge security protections, including next-generation web application firewalls, to inspect and control all traffic to and from application servers.
- Ensure data location visibility and control. Know where each data set resides, and use that location to decide whether it may be copied to other locations, within or beyond the cloud.
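The practices above describe checks that can be automated. The script below is an added example, not code from the original article or from any cloud provider: it runs a least-privilege policy check and a storage-posture check over a constructed asset inventory, then cross-references constructed audit log lines against a constructed threat-intelligence list and geolocation table, as the "detect threats" and "enhance data protection" items describe. Every field name, resource name, IP address and log format here is an assumption for illustration, not a real provider's schema.

```python
"""Cloud posture and threat-detection checks over constructed sample data.

Added example; not from the original article. All inventory, policy,
log and threat-intel data is constructed, and field names are assumed.
"""
from dataclasses import dataclass
from typing import Dict, List, Set

# --- Constructed internal data: asset and configuration inventory --------
BUCKETS = [
    {"name": "customer-exports", "public_read": True, "encrypted": False},
    {"name": "app-logs", "public_read": False, "encrypted": True},
]
DISKS = [
    {"id": "disk-001", "attached_to": "vm-web-1"},
    {"id": "disk-002", "attached_to": None},  # orphan resource: no owning VM
]
POLICIES = [
    {"name": "web-role", "actions": ["storage:GetObject"], "resources": ["bucket/app-logs/*"]},
    {"name": "admin-temp", "actions": ["*"], "resources": ["*"]},  # wildcard grant
]

# --- Constructed external data: threat-intel feed and geolocation ---------
THREAT_INTEL_IPS: Set[str] = {"203.0.113.10"}  # documentation-range address
GEO_BY_IP: Dict[str, str] = {"198.51.100.7": "DE", "203.0.113.10": "XX", "192.0.2.5": "US"}
ALLOWED_COUNTRIES: Set[str] = {"US", "DE"}

# --- Constructed audit log: "timestamp user action source_ip mfa" ---------
AUDIT_LOG = """\
2024-01-01T10:00:00Z alice ConsoleLogin 198.51.100.7 yes
2024-01-01T10:05:00Z bob ConsoleLogin 203.0.113.10 yes
2024-01-01T10:07:00Z carol DeleteBucket 192.0.2.5 no
"""


@dataclass
class Finding:
    severity: str
    resource: str
    reason: str


def check_posture(buckets, disks, policies) -> List[Finding]:
    """Flag public or unencrypted buckets, orphan disks and wildcard IAM grants."""
    findings = []
    for b in buckets:
        if b["public_read"]:
            findings.append(Finding("high", b["name"], "bucket allows public read"))
        if not b["encrypted"]:
            findings.append(Finding("medium", b["name"], "bucket not encrypted at rest"))
    for d in disks:
        if d["attached_to"] is None:
            findings.append(Finding("low", d["id"], "orphan disk with no owning VM"))
    for p in policies:
        if "*" in p["actions"] or "*" in p["resources"]:
            findings.append(Finding("high", p["name"], "policy grants wildcard action or resource"))
    return findings


def parse_audit_log(text: str) -> List[dict]:
    """Parse the constructed space-separated audit format into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, action, ip, mfa = line.split()
        events.append({"ts": ts, "user": user, "action": action, "src_ip": ip, "mfa": mfa == "yes"})
    return events


def detect_threats(events, intel, geo, allowed) -> List[Finding]:
    """Cross-reference events against threat intel, geolocation and MFA status."""
    findings = []
    for e in events:
        ip = e["src_ip"]
        if ip in intel:
            findings.append(Finding("high", e["user"], f"{e['action']} from threat-listed IP {ip}"))
        country = geo.get(ip, "UNKNOWN")
        if country not in allowed:
            findings.append(Finding("medium", e["user"], f"{e['action']} from unexpected location {country}"))
        if not e["mfa"] and e["action"].startswith("Delete"):
            findings.append(Finding("high", e["user"], f"destructive action {e['action']} without MFA"))
    return findings


def run_all() -> List[Finding]:
    """Run both checks over the constructed data and return all findings."""
    events = parse_audit_log(AUDIT_LOG)
    return check_posture(BUCKETS, DISKS, POLICIES) + detect_threats(
        events, THREAT_INTEL_IPS, GEO_BY_IP, ALLOWED_COUNTRIES
    )


if __name__ == "__main__":
    for f in run_all():
        print(f"[{f.severity}] {f.resource}: {f.reason}")
```

In a real deployment the inventory and policy data would come from the provider's configuration export and the events from its audit log service, and the threat-intel set from a feed; the structure of the checks (internal state joined against external context, with severity assigned per rule) is the part that carries over.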
Organizations can secure cloud-based data with cybersecurity tools for identity and access management (including multi-factor authentication) and threat detection and response. For those with effective on-premises identity and access management and threat controls, the next step is to extend those solutions to the cloud. New businesses, or those needing an upgrade, should look for security tools that protect data wherever it is, whether on-premises or in the cloud.