Cloud security: Introduction

• saka
• March 30, 2022
• No Comments

Last updated: Sep 9, 2022

• Cloud security is an aspect of cyber security, sharing similar goals in terms of security and protection. 
• Cloud security in specific includes safeguarding and providing protection over any cloud-based data, cloud computing environments, any applications that run inside the cloud and various other infrastructures from potential cyber attacks or various cyber threats. 
• This protection includes ensuring that data and information remains private across any sort of online application, platform or infrastructure. 
• Ensuring the safety of these systems is both reliant on the clients who utilize these online systems (businesses or individuals) as well as the cloud providers who are expected to ensure their clients data and private information remains safe and privately stored. 
• Cloud Security is made up of various different cloud solutions, namely:
  • Identity and access management (IAM)
  • Security information and event management (SIEM)
  • Data loss prevention (DLP)
  • Business continuity and disaster recovery. 

We will go on to explain each of these four cloud solutions in great detail, highlighting their primary functions and roles.

• First and foremost, IAM offers organizations the ability to post a policy-driven enforcement contract to allow their users access to both on-premises and cloud-based services.
  • Among its primary functions, IAM is responsible for initiating digital identities for all users in order to control and restrict them while interacting with data.
• In addition, security information and event management (SIEM) offers a comprehensive approach to privacy and security that can be used to detect any sort of potential threat automatically and respond appropriately as well as efficiently to cloud-based environments. 
  • SIEM utilizes artificial intelligence (AI) technologies to control and manage data across various different platforms. 
  • Additionally, SIEM allows for the IT teams to promptly initiate their network security tactics when facing any sort of potential threats that might arise along the way. 
• Next we will speak about DLP (data loss prevention). 
  • This cloud security solution allows for services that are created in order to protect, safeguard and regulate the cloud data. 
  • This solution utilizes data encryption and various other precautionary or protective measures in order to safeguard the stored data, no matter whether it is in motion or currently simply at rest. 
• The last cloud security solution that we will delve into is business continuity and disaster recovery. 
  • No matter the measures organizations have taken in order to protect their cloud-based infrastures, data breaches are still sure to happen on a very regular basis, either internally or from an external, unauthorized individual. 
  • Organizations need to efficiently as well as effectively respond to these vulnerabilities or potential threats as soon as they might occur in order to protect themselves and their private information. 
  • This solution is essential when it comes to equipping organizations with the tools, knowledge and services to expedite the recovery of potentially lost data and allow for their day-to-day business operations to continue as per usual. 

Cloud/ Cloud Computing:

At this point it is imperative we begin to understand the term “cloud” or rather “cloud computing”. 

• This term highlights the action of accessing any software, resources or databases over the Internet. 
• This advanced technological tool allows for great amounts of flexibility when it comes to scaling operations by unleashing parts of their infrastructure management to third-parties. 
• There are three main cloud computing services that organizations or individuals might wish to utilize. 
  • Firstly, there is IaaS (Infrastructure-as-a-Service), a hybrid approach. 
    • Organizations can utilize this service in order to control their parts of their data and applications on premise whilst depending on cloud providers to control or manage hardware, networking and other storage needs. 
  • Another service is PaaS (Platform-as-a-Service). 
    • This service allows organizations with the capacity to streamline application development by supplying them with a custom application framework that will automatically control their operation systems, software updates and will provide support to infrastructure in the cloud. 
  • Lastly, the final most common cloud computing software is SaaS (Software-as-a-Service). 
    • This is a cloud-based software that usually comes with  a subscription deal. 
    • The third party is able to control all the possible technical issues that might arise, for example, servers, storage, streamlining maintenance as well as support various functions.

Three different cloud environments:

Whilst figuring out which type of environment best fits your organization in terms of cloud-based security, it is important to properly understand the three different main types, namely:

• Public clouds
• Private clouds 
• Hybrid clouds. 

Each environment differs in terms of various security benefits and concerns. After noting the differences between the three different environments, organizations can figure out which of them best suit their respective organizations.

Public Clouds:

• The first type of environment which we will discuss is “public clouds” which are services that are arranged by third-party providers. 
• This type of environment leaves little-to-no responsibility for the organization itself as they are not required to set up anything to utilize within the cloud. From the get-go, the provider organizes all of it for them.
•  Generally speaking, a provider’s services on the web can often be accessed by organizations via web browser. 
• There are a few concepts in terms of security features that are most important for this type of environment, namely identity management, access control and authentication.

Private Clouds:

• The second type of environment that we will highlight is “private clouds”.
• This type is usually found to be better protected than public clouds since they are typically committed to an individual group or user that will rely on that single group or users own firewall. 
• Since this type of environment for the cloud is extremely isolated, it allows for them to remain safe from any potential external attackers since they are only within reach of one single organization. 
• Ofcourse, there are still many potential security difficulties and challenges that this type of environment might face in terms of threats and attacks. 
  • Firstly, social engineering, which is the term used to describe evil attacks through human interactions. 
    • This attack utilizes psychological manipulation, fibbing people to make certain security errors or simply give away private and important information. 
    • People believe they are dealing with trustworthy individuals, however, these individuals are hackers, trying to gain access to private and sensitive information.
  • Secondly, this type of environment is prone to breaches, a violation on one’s data safety, where sensitive information might be copied, viewed, stolen or even used by an unauthorized party. 
  • Additionally, this type of cloud environment is a challenge in terms of scaling when it comes to an organization growing. 

Hybrid Clouds:

• Lastly, the third type of cloud environment is “hybrid clouds” which are almost to some extent a combination of both public clouds and private clouds. 
• It utilizes the scalability of public clouds but with a better command over the resources that the public cloud environment has. 
• A successful hybrid cloud environment allows for all its users to gain access to all of their environments but doing so on one individual content management platform (that is integrated).

Benefits of Cloud Security:

In order to protect one’s organizations from having their data accessed by unwanted or unauthorized individuals, it is imperative that they implement security in cloud computing. There are various benefits from implementing cloud security which will be highlighted in great depth. 

• Firstly, there is “lower upfront costs” for the organization. 
  • An organization does not need to lay out the money for the hardware needed. 
  • This assists in initially saving large amounts of money. 
  • Communication service providers (CSP’s) are hired to deal with all these security methods, helping the organization cut down on costs and additionally, not having to permanently employ (and pay a salary to) an internal security team whose main role would be to protect the hardware. 
  • It is all external, greatly benefiting the organization for the get go. 
• Secondly, there are “reduced ongoing operational and administrative expenses” for the organization at hand. 
  • Again, the CSP will look after all the security needs. 
  • This means the organization once again does not need to pay employees to provide manual security updates. 
  • Additionally, the CSP is an expert in his field and thus you can feel at ease knowing that your security problems will be handled with the best abilities, skills and knowledge. 
• Thirdly, there is an “increased reliability and availability”. 
  • By employing cloud security measures within your organization, it allows for data and applications to be accessed easily by authorized individuals. 
  • Additionally, the way in which you access the information will be reliable, helping you to take action if you come across security breaches or potential threats. 
• The fourth advantage is “centralized security”, in which cloud computing allows for a centralized location for data, with various endpoints that will require security. 
  • Cloud computing security controls all of the organization’s devices, applications, information and data, in order to make sure it is all well secured. 
  • This centralized location, additionally makes it easy for security companies to perform important and vital tasks, such as streamlining network event monitoring or enhancing web filtering. 
• The fifth advantage is the “greater ease of scaling”, so once your organization grows and expands, cloud computing will allow you to scale with the various new demands, and provide more data storage if necessary as well as more applications. 
  • The centralized nature of cloud security is so flexible and fluid that if your company grows ,demand increases and an organization’s needs change too, it allows you to simply merge and fuse additional applications and features without putting your data’s security at risk. 
  • Additionally, the cloud security moves up or down with traffic periods, meaning when there are high traffic timeframes, you can upgrade your cloud solution and provide more security and once it goes down, you can also decrease your cloud solution. 
• The last benefit that we will speak about in terms of cloud security is “improved Distributed Denial of Service (DDoS) protection”. 
  • DDoS attacks are big threats when it comes to cloud computing and pose a great risk for individuals and organizations. 
  • What these attacks do is they point lots of traffic towards one service at once which in turn causes great harm. 
  • Cloud security goes on to safeguard servers from these types of attacks by observing and distributing them. 

The importance of cloud security: 

In the modern-day world that we find ourselves living in with continuous growth in the technological world, we find ourselves in a continuous growing transition to cloud based environments as well as to the three computing models we previously spoke about – IaaS, SaaS and PaaS. Utilizing these three models allows for organizations to offload many tasks that they might find extremely time consuming – especially when it comes to IT-related tasks. However, it is imperative to note that whilst these models assist in many ways, there are various difficulties and challenges that organizations are now facing in terms of the dynamic and fluid nature of infrastructure management. 

• When companies are utilizing the cloud, it is extremely vital and imperative that they begin to learn and understand the various security necessities in order to better protect their data and to make sure to keep it safe. 
• Even though these services allow for a “third party” cloud computing service to control their data and/or infrastructure, it does not necessarily mean that this third party will also be protecting the data or be held accountable for any parts of it. 
• Although these cloud services do have the best technology in order to protect the integrity and safeguard the privacy of their servers, it still lies within each and every organization’s needs to make sure that they have taken the necessary steps to protect their data and applications as well as information running on the cloud. 
• As our world becomes more and more in touch with technological advancement, the security threats have grown along with it. 
  • There are threats to security cloud computing providers, since there is more often than not a lack of visibility in data access. 
• If an organization does not take the precautionary, preventative and necessary extra steps in order to properly improve and manage their cloud security, they can possibly face compliance risks when it comes to controlling and protecting their clients data and information, no matter where the information might be stored (and no matter on which platform). 
• Regardless of the size of one’s organization, big or small, cloud security should be greatly considered by each and every one of them. 
• In order to successfully embrace the cloud, it is essential that an organization ensures the right countermeasures against various cyberattacks are in place. 
• This is not unique to private enterprises or public enterprises and rather it should be adopted by any sort of organization out there.

Various challenges that go along with cloud security: 

There are five main challenges that I will highlight when it comes to cloud security, namely:

• Lack of visibility
• Multitenancy
• Access management and shadow IT
• Compliance
• Misconfigurations. 

5 Main Challenges in detail:

• Firstly, lack of visibility, it is very easy to lose track about who is accessing your data and how your data might be being accessed, since cloud services are usually provided by external third parties outside of the organization and this poses as a great risk for an organization who is most probably holding and managing sensitive and private information. 
• Secondly, multitenancy, cloud environments are public with various different companies’ infrastructure under the same bracket. 
  • This means if one organization or enterprise is being targeted by some attacker, your data and information might be some sort of collateral damage during the attack, which again is a big risk and organization takes. 
• Thirdly, we have access management and shadow IT, whilst businesses might control access points across their on-premises systems, this poses a great challenge in cloud environments. 
  • This is challenging for organizations who allow for unfiltered access to cloud services from any personal device in any location in the world. 
• The fourth challenge is compliance, organizations are held accountable for data security and protecting their clients information, by relying heavily on various third-party solutions to manage this data, might lead an organization to immense and costly compliance issues and problems. 
• The last challenge I will highlight is misconfigurations, this might include having default passwords and not creating the suitable privacy settings for cloud computing environments.