The Emergence of Cloud Security

One of the most significant technological developments this century has seen is the emergence of cloud computing. The United Kingdom’s National Cyber Security Center defines cloud computing as, “An on-demand, massively scalable service, hosted on shared infrastructure, accessible via the internet.”

Soaring into the Cloud

Starting an online business used to be a complicated and costly process. In years past, companies had to build and maintain their internal solutions to operate in the digital marketplace. Now, it’s much easier for anyone to participate because of the cloud.

The availability of cloud technologies has drastically changed how businesses operate online. These new tools allow companies to scale and adapt quickly while also lowering their costs. Despite these benefits, the shift to cloud-based services has also introduced a range of new cybersecurity challenges that put assets at risk.

Cloud-Based Services

The term cloud-based services refers to a variety of on-demand or web-based business solutions. Depending on a company’s needs and budget, services can range from website hosting to application development environments, to entire back-end infrastructure.

There are three main categories of cloud-based services:

• Software as a Service (SaaS): Front-end applications that users access via a web browser. Service providers host, manage, and maintain all of the back-end systems for those applications. Examples include Gmail™ email service, Slack, and Zoom software.

• Platform as a Service (PaaS): Back-end application development tools that clients can access online. Developers use these resources to write code and build, manage, and deploy their apps. Cloud service providers host and maintain the back-end hardware and software the apps use to operate. Examples include the Google App Engine™ platform, Heroku®, and VMware Cloud Foundry.

• Infrastructure as a Service (IaaS): Customers are given remote access to a range of back-end systems hosted by the cloud service provider. This includes data processing servers, storage, networking resources, and more. Resources are commonly licensed as needed, making it a cost-effective alternative to buying and maintaining on-premises.

Cloud-based services allow companies to connect with their customers, employees, and business partners over the Internet. Some of the largest organizations in the world offer cloud-based services, including Google Cloud Platform and Microsoft Azure.

Cloud Security

Shifting applications and infrastructure over to the cloud can make it easier to operate an online business. However, it can also complicate keeping data private and safe. Cloud security is a growing subfield of cybersecurity that specifically focuses on protecting data, applications, and infrastructure in the cloud.

In a traditional model, organizations had their entire IT infrastructure on-premises, and protecting those systems was entirely up to the internal security team. These responsibilities are not so clearly defined when part or all of an operational environment is in the cloud.

For example, a PaaS client pays to access the resources they need to build their applications. It is reasonable to expect them to be responsible for securing the apps they build. On the other hand, the responsibility for maintaining the security of the servers they are accessing should belong to the cloud service provider because other clients are using the same systems.

In cloud security, this concept is known as the shared responsibility model. Clients are commonly responsible for securing anything that is directly within their control, including identity and access management, resource configuration, and data handling. The amount of responsibility delegated to a service provider varies depending on the service being used: SaaS, PaaS, and IaaS.

Cloud Security Challenges

While service providers strive to deliver secure products, data stored in the cloud and accessed over the internet introduces several challenges:

1. Misconfiguration: Customers of cloud-based services often use out-of-the-box configurations that fail to address their specific security objectives. Cloud-native breaches are more likely to occur due to misconfigured services.
2. Monitoring Access: Monitoring access can be difficult depending on the client and level of service.
3. Regulatory Standards: Meeting regulatory standards, especially in industries required to follow specific requirements such as HIPAA, PCI DSS, and GDPR.

As more businesses adopt cloud-based services, there’s a growing need for cloud security professionals. Burning Glass, a leading labor market analytics firm, ranks cloud security among the most in-demand cybersecurity skills.

Key Takeaways

The global marketplace has shifted to cloud-based services, resulting in new security models and challenges. Being familiar with the cloud and its different available services is crucial for supporting any organization’s efforts to protect information online.

Resources for More Information

Cloud security is one of the fastest-growing subfields of cybersecurity. Consider exploring the following resources:

• The U.K.’s National Cyber Security Centre: Detailed guide for choosing, using, and deploying cloud services securely based on the shared responsibility model.
• The Cloud Security Alliance®: Offers access to cloud security-specific research, certification, and products.
• CompTIA Cloud+: A certificate program designed to teach foundational skills needed to become a cloud security professional.