Cloud computing security

Cloud computing security is a subsection of cybersecurity, and as a subsection carries a lot of the same concerns and protocols as other cybersecurity measures but with a focus on cloud computing environments, be they public, private, or hybrid cloud environments. This includes the protection of data, applications, and infrastructure involved in cloud computing. The methods of providing cloud security include firewalls, penetration testing, obfuscation, tokenization, virtual private networks, and avoiding public internet connections.

Cloud computing security also covers types of cloud-based services and on-demand solutions, including Infrastructure-as-a-Service, Platform-as-a-Service, and Software-as-a-Service. In these systems, the cloud vendor is responsible for securing the underlying infrastructure with a cloud security system. On the user or client side of cloud computing security systems, the vulnerabilities of a security system include social engineering and malware, but also include data breaches, data loss, account hijacking, service traffic hijacking, insecure APIs, and shared technology.

Cloud computing often offers greater security than the use of local services. This is because the service providers tend to have stronger security measures, including physical security measures, and employ security experts to keep the data secured. And cloud security service providers have to follow certain regulatory requirements for storing sensitive data.

The security systems require network protections as well to protect against attacks. One part of this is microsegmentation, which creates zones to isolate workloads from each other and secure them individually and creates roadblocks to would-be attackers to move laterally from infested hosts. The other part applies to inline flow of traffic. This cloud security solution should allow authorized users to securely access cloud-based data while providing threat visibility into what activities they are performing.

Cloud security has a lot to do with access. Based on the nature of the environment, the traditional controls use a perimeter security model. In cloud environments, perimeter defenses are easier to bypass, through insecure APIs, weak identity and credentials management, account hijacks, and malicious insiders.

But, despite this, some sources suggest close to 95 percent of cloud security failures are the fault of the user, with misconfiguration and mismanagement being the leading issues. These are often caused by misconceptions and assumptions, where users may assume the cloud service provider is in charge of securing the cloud environment in a situation where the provider is in charge of protecting the physical data centers and the user maintains responsibility for protecting virtual machines and applications. A lot of breaches in cloud computing occur in opportunistic attacks on data left open by errors in how the cloud environment was configured. And multi-cloud environments in enterprises can create a misconfiguration problem where there is a lack of awareness of all the cloud services in use.