What is Cloud Security?

There are two aspects to Cloud Security. Firstly, cloud-based security software such as email virus scanning, anti-spam services, internet web threat protection and user monitoring services. These solutions are often cloud based – or a hybrid of on-remise and cloud-based software.
Secondly, there is a great deal of debate about the security of moving services to the cloud. This debate tends to concentrate on risk, data management and new models of federated security tools.

I’m interested in cloud-based security solutions. What do I need to know?
The first stop is Compare the Cloud’s cloud comparison tool – here we list many of the cloud-based security solutions available in the market.

I’m interested in the debate about whether moving my IT environments to a cloud-based Infrastructure as a Service (IaaS) model or Platform as a Service (PaaS) model is secure. What do I need to know?
Some people have expressed concern that moving to a cloud-based Infrastructure model is necessarily less secure than owning, hosting and maintaining IT infrastructure in-house. However, this isn’t necessarily the case; the security of each model will depend on how each environment is managed.

Some commentators have argued that fears about cloud security are more about a feeling of loss of control rather than based on solid security grounds: “Security has become a full-time job and requires a tremendous amount of expertise to do it right on-premises. For all the fear of the cloud, the fact is companies are routinely hacked, and many never even know it. In reality, your on-premises systems are not more secure than the cloud.”

Nevertheless, there are security risks inherent in any environment and the cloud is no exception. These need to be considered carefully and clear lines of responsibility drawn between cloud service provider (CSP) and customer.

What security measures does my CSP need to have in place?

Of course, security and data compliance requirements will vary depending on the industry you operate in and business policies. It is important to speak with your CSP to work out a model which matches your requirements.

The Cloud Security Alliance identifies fourteen areas that require consideration:

  • Cloud Architecture
  • Governance and Enterprise Risk Management
  • Legal
  • Contracts and Electronic Discovery
  • Compliance and Audit
  • Information Management and Data Security
  • Portability and Interoperability
  • Traditional Security
  • Business Continuity and Disaster Recovery
  • Data Centre Operations
  • Incident Response
  • Notification and Remediation
  • Application Security
  • Encryption and Key Management
  • Identity and Access Management
  • Virtualisation
  • Security as a Service
+ posts

CIF Presents TWF - George Athannassov

Newsletter

Related articles

Tackling AI challenges in ethics, data, and collaboration

We can safely say that artificial intelligence (AI) was...

The evolution of the CISO

What began as a technical innovation on the hacker...

Building Trust: Uniting Developers & AppSec Teams

The relationship between developers and security teams has typically...

Building cyber resilience across the supply chain

While the world is becoming increasingly interconnected and digitised,...

Enter the Application Generation: redefining digital experiences in 2024

During the pandemic, with the various restrictions in place,...
Previous article
Next article

Subscribe to our Newsletter