Basic overview of Cloud security
The term ‘Cloud Security’ is all about securing your cloud environment or landscape. Today, we’ll focus mainly on the basics of Cloud Security.
To understand ‘Cloud Security’ concepts, you must be familiar with ‘Cloud Computing’. Most of you might already have some experience in the area of cloud computing. However, if you are completely new to this area, please feel free to refer to one of our previous posts to get a taste of Cloud Computing.
Today we’ll cover:
- What exactly is ‘Cloud Security’?
- How is it different from traditional data center security (on-premises)?
- What are some common threats for cloud security?
- Key challenges and key considerations for ‘cloud security’.
My key idea here is to help you understand the ABCs of safeguarding a cloud environment.
So, are you ready?
Nowadays, companies of all shapes and sizes operate most of their business through cloud environments. On one hand, cloud computing is in demand in the market; on the other hand, cyber threats and risks are increasing day by day. Therefore, it is very important to understand how to secure the cloud environment.
We’ll be covering various security terminologies today. You will find these terminologies relevant to the basic concepts of cloud security. Let’s begin …
What is Cloud Security?
When we say Cloud Security, the simple thing that comes to mind is Cloud + Security or securing your cloud environment.
Ideally, it means all the necessary steps that we take to safeguard infrastructure or applications hosted in the cloud environment from cyber risks or threats. It is also called the security of the cloud computing environment.
This may involve technology/tools, controls, policies/procedures, etc. It enables us to defend against any kind of cyber risk in the cloud environment or landscape.
The ultimate goal of cloud security is to maintain CIA (Confidentiality-Integrity-Availability) for your cloud landscape by putting the necessary security controls in place.
Why Is Cloud Security So Important?
Nowadays, you will see most enterprises (whether small, mid-sized or large) migrating their operations or business to the cloud.
With the ever-increasing demand for cloud computing, it is crucial for enterprises to understand the security requirements for keeping their data and applications secure in the cloud landscape.
To be honest, data breaches are very, very costly. So, it is very important for organizations or individual entities to analyze security requirements prior to migration and to continue assessing the risk throughout the life cycle, for clear visibility from a security standpoint.
Most cloud service providers (CSPs) generally provide industry best practices; however, it is strongly recommended that organizations review and choose the necessary standards and define standard policies to protect their data or workloads in cloud applications or landscapes.
Cloud Security Vs. Traditional On-premises Security?
In general, how does traditional security work? Who is responsible for the overall security of your on-premises model?
The answer: the enterprise or individual entity, which owns every piece of security for its on-premises landscape, whether that is securing the physical premises, the network devices, or the underlying hardware and software.
Maintaining security for a traditional on-premises environment or data center carries more overhead and cost, as the enterprise or individual entity manages every device, including monitoring, maintenance, patching, technology refresh, etc.
In cloud computing, however, there is the concept of a shared responsibility model for securing the environment. Security accountability is shared between the cloud service provider and the cloud consumer.
Accountability may change depending on which service model (IaaS, PaaS, SaaS) you subscribe to for your requirements. If you choose IaaS, more responsibility lies on the customer’s shoulders; if you choose SaaS, more responsibility lies with the Cloud Service Provider.
On one hand, ‘Security Of the Cloud’ is the responsibility of the Cloud Service Provider (CSP); all underlying hardware, physical facilities, utilities, etc. come under this.
On the other hand, ‘Security In the Cloud’ is the responsibility of the Customer or Cloud Consumer (CC); network controls, application configuration and change controls, identity governance, etc. are in the customer’s custody to maintain compliance within the cloud environment.
Common Key Threats for Cloud Security?
Let’s discuss a few key threats to Cloud Security that need more attention, to ensure industry best practices are being followed and to minimize the overall impact or business interruption:
· Data Loss or Breaches – This is one of the major concerns for cloud security. It’s natural to worry when your data is in someone else’s custody. Safeguarding your data is very important, be it at rest or in transit.
It’s always recommended to choose the correct vendor or solution for your requirements, assess the risk against open threats, and ensure proper controls are in place for your data as well as your privacy.
· Misconfigurations – These can result in severe data breaches, and you know how costly those are. Your cloud resources can easily be exposed to hackers, and before you know it you will be another victim. A misconfiguration can leave behind several settings that can be exploited easily.
There is no sense in investing in a technological control if it is not configured properly as per industry standards. It is advisable to start with baseline security settings, which will help enable a minimum set of security settings to safeguard your environment.
· Shared resource vulnerabilities – As we know, within public cloud infrastructure multiple customers share the infrastructure. Sometimes an environment is likely to get compromised due to vulnerabilities in shared resources.
It can certainly impact your cloud environment in case of delay or negligence by the cloud vendor in patching or fixing vulnerabilities within shared resources.
· Weak Authentication Control – Poor access management is another open door for hackers to gain control of your environment. This may cause serious impact from a security perspective.
It is advisable to ensure proper Identity Governance controls are in place. Follow the least-privilege concept and allow only the level of access that is required to complete the task. A strong IAM (Identity & Access Management) policy can certainly improve the overall security posture.
· Insecure interfaces or APIs – An Application Programming Interface (API) helps establish communication between different cloud components. Lack of the necessary authentication mechanisms leaves an open door for hackers to exploit easily.
You need to ensure API communications are encrypted using TLS or SSL, and define the necessary authentication and authorization mechanisms.
· Account & resource hijacking – Hackers can gain access to sensitive data or your cloud resources through compromised passwords. It is always recommended to maintain a strong password policy and avoid rotating through the same credentials.
Following a strong IAM policy and limiting privileged access will certainly help prevent your account from being compromised. Also set up alerts to notify you in case of suspicious activity.
Key Considerations for Cloud Security
Securing your cloud computing environment is very important. I am listing a few key considerations that will certainly help safeguard your cloud landscape:
- Know your CSP vendor’s coverage for security – It is very important to understand what level of security responsibility is owned by your Cloud Service Provider (CSP). Shared responsibilities may vary based on the service model you subscribe to. Knowing this will help you focus on the control deployment priorities and responsibilities that lie on your shoulders.
- Assess the weaknesses or open risks – The next recommended step is to review open risks or threats related to your organization. You may already maintain a risk register for risks identified during or prior to migration to the cloud. There may also be learnings from past activities or certain known pain areas in your environment; assessing those challenges in order to mitigate them will help define the necessary roadmap.
- Ensure necessary controls as per industry standards – There are several best practices in standard industry guidelines; however, a security baseline is a good place to start. It enforces the minimum necessary controls from a security perspective to secure your cloud data and applications:
  - Eliminate unnecessary cloud services that are not required
  - Encrypt all your data at rest as well as in transit
  - Enable dual-factor authentication for access
  - Enforce a strong IAM policy, including password security
  - Follow the least-privilege concept; allow only the access that is required to operate
  - Limit all privileged access and grant role-based access
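As an added example (not part of the original post), the baseline list above can be expressed as an automated check over a resource inventory. The inventory and every field name below are constructed for illustration and do not correspond to any provider's API; the 12-character password minimum is an assumed policy value.

```python
# Added example: audit a constructed inventory against the six baseline items.
# Field names (in_use, encrypted_at_rest, tls_only, mfa, ...) are hypothetical.
MIN_PASSWORD_LENGTH = 12  # assumed policy value, not from the post

INVENTORY = [  # constructed sample data
    {"id": "bucket-logs", "kind": "storage", "in_use": True,
     "encrypted_at_rest": True, "tls_only": True},
    {"id": "bucket-export", "kind": "storage", "in_use": True,
     "encrypted_at_rest": False, "tls_only": False},
    {"id": "vm-old-demo", "kind": "compute", "in_use": False},
    {"id": "alice", "kind": "user", "in_use": True, "mfa": True,
     "password_min_length": 14, "roles": ["storage-reader"],
     "actions": ["storage:read"]},
    {"id": "bob", "kind": "user", "in_use": True, "mfa": False,
     "password_min_length": 8, "roles": [], "actions": ["*"]},
]

def audit(resource):
    """Return baseline findings for one resource.

    A setting that is missing is treated as non-compliant (fail closed),
    so an incomplete inventory never hides a gap.
    """
    findings = []
    if not resource.get("in_use", False):
        findings.append("unused service: remove it")
    kind = resource["kind"]
    if kind == "storage":
        if not resource.get("encrypted_at_rest", False):
            findings.append("data not encrypted at rest")
        if not resource.get("tls_only", False):
            findings.append("data not encrypted in transit")
    elif kind == "user":
        if not resource.get("mfa", False):
            findings.append("dual-factor authentication disabled")
        if resource.get("password_min_length", 0) < MIN_PASSWORD_LENGTH:
            findings.append("weak password policy")
        if any("*" in action for action in resource.get("actions", [])):
            findings.append("wildcard permission violates least privilege")
        if not resource.get("roles"):
            findings.append("access not granted through a role")
    return findings

def audit_inventory(inventory):
    """Map resource id -> findings, keeping only non-compliant resources."""
    report = {r["id"]: audit(r) for r in inventory}
    return {rid: found for rid, found in report.items() if found}

if __name__ == "__main__":
    for rid, found in audit_inventory(INVENTORY).items():
        for finding in found:
            print(f"{rid}: {finding}")
```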
Conclusion –
I hope you have enjoyed reading about the basic concepts of ‘Cloud Security’. The key learning: whether it is an on-premises or a cloud-based environment, security is a very important piece.
We have also seen several challenges for cloud computing security as well as a few key considerations. It is always recommended to enforce security baseline settings within your cloud landscape and follow industry best practices.
It will certainly help you safeguard your cloud environment. Finally, it’s time to conclude our discussion for today. We will come back soon with another post on cybersecurity.