Cloud computing security is a subsection of cybersecurity. It shares many of the concerns and protocols of other cybersecurity measures, but focuses on cloud computing environments, whether public, private, or hybrid. This includes the protection of data, applications, and infrastructure involved in cloud computing. The methods of providing cloud security include firewalls, penetration testing, obfuscation, tokenization, virtual private networks, and avoiding public internet connections.
Cloud computing security also covers types of cloud-based services and on-demand solutions, including Infrastructure-as-a-Service, Platform-as-a-Service, and Software-as-a-Service. In these systems, the cloud vendor is responsible for securing the underlying infrastructure with a cloud security system. On the user or client side of cloud computing security systems, the vulnerabilities include social engineering and malware, as well as data breaches, data loss, account hijacking, service traffic hijacking, insecure APIs, and shared technology.
Cloud computing security products
Cloud access security brokers (CASB)
A category of cloud security solutions which monitor activity and enforce cloud access security policies.
Cloud workload protection platforms
Cloud workload protection technologies work with both cloud infrastructure and virtual machines, providing monitoring and threat prevention features.
Software-as-a-Service security
Multiple types of security technologies are delivered as a service from the cloud and can help secure both on-premises and cloud workloads. These solutions can include vulnerability scanning and management features.
Software-defined compute security
Sometimes referred to as cloud native security, these solutions work to protect containers running across cloud deployments.
Cloud computing often offers greater security than the use of local services. This is because the service providers tend to have stronger security measures, including physical security measures, and employ security experts to keep the data secured. Cloud security service providers also have to follow certain regulatory requirements for storing sensitive data.
The security systems also require network protections to defend against attacks. One part of this is microsegmentation, which creates zones that isolate workloads from each other so they can be secured individually, and which puts roadblocks in the way of would-be attackers trying to move laterally from infected hosts. The other part applies to the inline flow of traffic. This cloud security solution should allow authorized users to securely access cloud-based data while providing threat visibility into what activities they are performing.
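The effect of microsegmentation on lateral movement can be measured as a reachability problem. The following is an added example, not part of the original page: the workload names, zones, ports, and the default-deny policy format are all hypothetical and constructed for illustration.

```python
from collections import deque

# Constructed sample inventory: workload -> zone (all names are hypothetical).
WORKLOADS = {
    "web-1": "web", "web-2": "web",
    "app-1": "app", "app-2": "app",
    "db-1": "data", "backup-1": "data",
    "hr-app": "hr", "hr-db": "hr-data",
}

# Default-deny zone policy: only these (source zone, destination zone, port)
# flows are allowed. Traffic inside a zone is denied too unless listed.
ALLOWED_FLOWS = {
    ("web", "app", 8443),
    ("app", "data", 5432),
    ("hr", "hr-data", 5432),
}

def flow_allowed(src, dst, port, policy=ALLOWED_FLOWS):
    """Return True only if an explicit rule permits src -> dst on port."""
    return (WORKLOADS[src], WORKLOADS[dst], port) in policy

def reachable_from(start, policy=ALLOWED_FLOWS, flat=False):
    """Workloads reachable from a compromised `start` by chaining allowed flows.

    flat=True models an unsegmented network where every host can talk to
    every other host on any port.
    """
    ports = {p for _, _, p in policy}
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in WORKLOADS:
            if nxt in seen:
                continue
            if flat or any(flow_allowed(cur, nxt, p, policy) for p in ports):
                seen.add(nxt)
                queue.append(nxt)
    return seen - {start}

if __name__ == "__main__":
    for host in ("web-1", "hr-app"):
        print(host, "flat:", sorted(reachable_from(host, flat=True)))
        print(host, "segmented:", sorted(reachable_from(host)))
```

With the sample policy, a compromised web-1 can no longer reach web-2 or the HR workloads, but the permitted chain web to app to data still exists, so each allowed hop needs its own monitoring and access controls.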
Key technologies
Encryption
This is a method of scrambling data so that only authorized parties can understand the information. An attacker without the encryption key will find only scrambled data. Data can be encrypted at rest or in transit to reduce the possibility of it being intercepted and read. When the environments in a multi-cloud or hybrid cloud are connected at the network layer, a VPN can be used to encrypt the traffic between them. If the services are connected at the application layer, SSL/TLS encryption is often used. SSL/TLS can also encrypt traffic between a user and a cloud.
Firewall
A cloud firewall provides a layer of protection around cloud assets by blocking malicious traffic. Unlike traditional firewalls, cloud firewalls are hosted in the cloud and form a virtual security barrier around cloud infrastructure.
Identity and access management
These are products that track who a user is and what they are allowed to do. They authorize users to access internal assets and stop authorized users from exceeding their privileges. These services include an identity provider, which authenticates user identities; single sign-on services, which authenticate user identities for multiple applications; multi-factor authentication, which strengthens the user authentication process; and access control, which allows and restricts user access.
Cloud security has a lot to do with access. Based on the nature of the environment, the traditional controls use a perimeter security model. In cloud environments, perimeter defenses are easier to bypass, through insecure APIs, weak identity and credentials management, account hijacks, and malicious insiders.
Despite this, some sources suggest that close to 95 percent of cloud security failures are the fault of the user, with misconfiguration and mismanagement being the leading issues. These are often caused by misconceptions and assumptions: users may assume the cloud service provider is in charge of securing the cloud environment, when in fact the provider is in charge of protecting the physical data centers and the user remains responsible for protecting virtual machines and applications. Many breaches in cloud computing are opportunistic attacks on data left open by errors in how the cloud environment was configured. Multi-cloud environments in enterprises can also create a misconfiguration problem when there is a lack of awareness of all the cloud services in use.