Cloud computing security - YouDebrid

Cloud computing security

Cloud security is a responsibility that is shared between the cloud provider and the customer. There are basically three categories of responsibilities in the Shared Responsibility Model: responsibilities that are always the provider’s, responsibilities that are always the customer’s, and responsibilities that vary depending on the service model: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), or Software as a Service (SaaS), such as cloud email.

The security responsibilities that are always the provider’s are related to the safeguarding of the infrastructure itself, as well as access to, patching, and configuration of the physical hosts and the physical network on which the compute instances run and the storage and other resources reside.

The security responsibilities that are always the customer’s include managing users and their access privileges (identity and access management), the safeguarding of cloud accounts from unauthorized access, the encryption and protection of cloud-based data assets, and managing its security posture (compliance).

The Top 7 Advanced Cloud Security Challenges

Because the public cloud does not have clear perimeters, it presents a fundamentally different security reality. This becomes even more challenging when adopting modern cloud approaches such as automated Continuous Integration and Continuous Deployment (CI/CD) methods, distributed serverless architectures, and ephemeral assets like Functions as a Service and containers.

Some of the advanced cloud-native security challenges and the multiple layers of risk faced by today’s cloud-oriented organizations include:

  • Increased Attack Surface
  • Lack of Visibility and Tracking
  • Ever-Changing Workloads
  • DevOps and Automation
  • Granular Privilege and Key Management
  • Complex Environments
  • Cloud Compliance and Governance

Zero Trust and Why You Should Embrace It

The term Zero Trust was first introduced in 2010 by John Kindervag who, at that time, was a senior Forrester Research analyst. The basic principle of Zero Trust in cloud security is not to automatically trust anyone or anything within or outside of the network—and verify (i.e., authorize, inspect and secure) everything.

Zero Trust, for example, promotes a least privilege governance strategy whereby users are only given access to the resources they need to perform their duties. Similarly, it calls upon developers to ensure that web-facing applications are properly secured. For example, if the developer has not blocked ports consistently or has not implemented permissions on an “as needed” basis, a hacker who takes over the application will have privileges to retrieve and modify data from the database.

In addition, Zero Trust networks utilize micro-segmentation to make cloud network security far more granular. Micro-segmentation creates secure zones in data centers and cloud deployments thereby segmenting workloads from each other, securing everything inside the zone, and applying policies to secure traffic between zones.
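
The least-privilege and micro-segmentation points in the two paragraphs above, as an added example that is not part of the original article: a default-deny evaluator for traffic between zones, plus an audit that flags rules broader than "as needed". The zone names, ports and rule format are constructed for illustration and do not correspond to any provider's API.

```python
from dataclasses import dataclass
from typing import Union

ANY = "*"  # wildcard marker in this constructed rule format


@dataclass(frozen=True)
class Rule:
    src: str                # source zone name, or ANY
    dst: str                # destination zone name, or ANY
    port: Union[int, str]   # TCP port number, or ANY


# Constructed sample policy: zone names and ports are illustrative assumptions.
POLICY = [
    Rule("internet", "web", 443),
    Rule("web", "app", 8443),
    Rule("app", "db", 5432),
    Rule("web", "db", ANY),   # over-broad: web tier can reach every db port
    Rule(ANY, "app", 22),     # over-broad: any zone can reach SSH on app
]


def is_allowed(policy, src, dst, port):
    """Default deny: a flow passes only if some rule explicitly matches it."""
    return any(
        r.src in (ANY, src) and r.dst in (ANY, dst) and r.port in (ANY, port)
        for r in policy
    )


def audit(policy):
    """Return rules that use a wildcard, i.e. grant more than 'as needed'."""
    return [r for r in policy if ANY in (r.src, r.dst, r.port)]


def harden(policy):
    """Drop wildcard rules, leaving only explicit zone-to-zone allows."""
    flagged = set(audit(policy))
    return [r for r in policy if r not in flagged]


if __name__ == "__main__":
    for rule in audit(POLICY):
        print("over-broad rule:", rule)
    tight = harden(POLICY)
    # With the wildcard rule, a taken-over web tier reaches the database directly.
    print("web->db:5432 before:", is_allowed(POLICY, "web", "db", 5432))
    print("web->db:5432 after: ", is_allowed(tight, "web", "db", 5432))
    print("app->db:5432 after: ", is_allowed(tight, "app", "db", 5432))
```

After hardening, the database zone is reachable only from the app zone on its one required port, so a takeover of the web-facing application no longer implies database access.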

The 6 Pillars of Robust Cloud Security

While cloud providers such as Amazon Web Services (AWS), Microsoft Azure (Azure), and Google Cloud Platform (GCP) offer many cloud native security features and services, supplementary third-party solutions are essential to achieve enterprise-grade cloud workload protection from breaches, data leaks, and targeted attacks in the cloud environment. Only an integrated cloud-native/third-party security stack provides the centralized visibility and policy-based granular control necessary to deliver the following industry best practices:

  • Granular, policy-based IAM and authentication controls across complex infrastructures
  • Zero-trust cloud network security controls across logically isolated networks and micro-segments
  • Enforcement of virtual server protection policies and processes such as change management and software updates
  • Safeguarding all applications (and especially cloud-native distributed apps) with a next-generation web application firewall
  • Enhanced data protection
  • Threat intelligence that detects and remediates known and unknown threats in real-time
