Cloud security involves the procedures and technology that secure cloud computing environments against both external and insider cybersecurity threats. Cloud computing, which is the delivery of information technology services over the internet, has become a must for businesses and governments seeking to accelerate innovation and collaboration. Cloud security and security management best practices designed to prevent unauthorized access are required to keep data and applications in the cloud secure from current and emerging cybersecurity threats.
Cloud computing categories
Cloud security differs based on the category of cloud computing being used. There are four main categories of cloud computing:
• Public cloud services, operated by a public cloud provider — These include software-as-a-service (SaaS), infrastructure-as-a-service (IaaS), and platform-as-a-service (PaaS).
• Private cloud services, operated by a public cloud provider — These services provide a computing environment dedicated to one customer, operated by a third party.
• Private cloud services, operated by internal staff — These services are an evolution of the traditional data center, where internal staff operates a virtual environment they control.
• Hybrid cloud services — Private and public cloud computing configurations can be combined, hosting workloads and data based on optimizing factors such as cost, security, operations and access. Operation will involve internal staff, and optionally the public cloud provider.
Here’s a diagram showing common control plane across cloud models:
When using a cloud computing service provided by a public cloud provider, data and applications are hosted with a third party, which marks a fundamental difference between cloud computing and traditional IT, where most data was held within a self-controlled network. Understanding your security responsibility is the first step to building a cloud security strategy.