FUNDAMENTALS OF CLOUD SECURITY
What is Cloud Security?
To understand cloud security, one must first understand what cloud computing is. A common description of cloud computing is that it involves the consumption of system and compute resources, network services, and storage services without direct manipulation by the user. A computing or IT service must possess the following characteristics to be considered a true cloud computing service:
On-demand self-service: This describes how a consumer can use cloud services such as network storage and resource sharing without manual intervention by the cloud service provider or technical support staff.
Broad network access: Resources and services can be accessed from smartphones, tablets, laptops, and workstations regardless of location, as long as a network is available in that area.
Multi-tenancy or resource pooling: This is an architecture in which multiple resources are combined at the physical layer for increased capacity to serve multiple tenants. Cloud service providers are then able to handle the requests of multiple consumers.
Metered services: This is the billing model often referred to as pay-per-use. A client pays for the cloud services they access and use, and only for the capacity or package that best suits their needs.
Rapid elasticity and scalability: This refers to the extent to which resources can be dynamically added or removed.
Cloud security is therefore the set of strategies and principles for securing cloud computing resources. It is a shared responsibility between the service provider and the client: the consumer enacts simple security measures such as setting up passwords and user IDs, that is, authentication controls. The complex procedures are handled by the service provider and consist of principles, guidelines, techniques, and controls for protecting digital assets that are created, processed and stored in cloud systems, workloads and infrastructure services. The work is divided between the two parties, with the service provider doing most of the heavy lifting.
Cloud security is a growing field: new technological advancements give rise to new threats and vulnerabilities, so new countermeasures need to be introduced to mitigate them.
Why is Cloud Security a Necessity?
In the modern world, digital assets are vital to both large and small-scale businesses as well as for personal use. They therefore require appropriate controls to secure them against cyber threats. Many organizations are leveraging the advantages and power of cloud computing to boost their competitive advantage and survive in a fast-changing economy. By the same token, threat actors are leveraging technological advancements to improve their techniques and strategies for exploitation. This is where cloud security comes in: it deploys controls to protect digital assets stored in the cloud from the many cyber threats that could compromise their confidentiality, integrity and availability.
Furthermore, cloud security is coupled with standards and regulations such as ISO-27001 / ISO-27002, General Data Protection Regulation (GDPR) and NIST SP 500-293, which govern the activities conducted within the system and outline secure practices to be adhered to while using it.
Cloud Service Models
Cloud computing is usually offered in 3 specific models called the cloud service models. These 3 models serve as the backbone of cloud services. The 3 main cloud service models are:
Software as a Service (SaaS): Applications are provided to consumers as a service in this model. Integrating this model into a cloud paradigm on a pay-per-use basis provides organizations with attractive alternatives to in-house solutions.
Platform as a Service (PaaS): This model constitutes an application platform that provides developers with the ability to create, host and deploy applications. It delivers both the computing platform and the solution stack, which accelerates the deployment of software applications.
Infrastructure as a Service (IaaS): This model comprises shared internet infrastructure such as servers and storage. In this model, processing, storage, networks and other computing resources are provisioned for the consumer.
Cloud Deployment Models
Cloud services are deployed in 4 different models to provide various advantages and added value for consumers of cloud services. The different models provide a broad spectrum for balancing economic, security, and privacy requirements. Different organizational verticals ranging from highly regulated to highly agile can move within these models to suit their business needs.
Public cloud: Public cloud services are available to the general public to be consumed as the terms and conditions of the service permit.
Private cloud: In this deployment model, the cloud service belongs solely to an organization. The organization manages its private cloud or outsources the management to a 3rd party. The cloud service exists either on-premise or off-premise.
Hybrid cloud: Organizations can choose to merge the best of different deployment models in the manner that suits their needs best. Some critical components of their infrastructure can be hosted on-premise in a highly secure, protected and expensive private cloud, while the less critical digital assets are hosted in public clouds to benefit from their highly economical and efficient nature.
Community cloud: Several organizations within similar verticals with shared goals and operations can form a community to acquire and operate cloud services. This deployment model is restricted to the members of the community. The cloud service can be hosted either on-premise by the community member organizations or off-premise by a 3rd party.
Cloud Security Principles
These are the integral blocks that define secure architectures and design principles for securing cloud resources. They consist of:
User Identity and Access Management: This ensures that the right people with the proper clearance have access to data. Significant assets are accessible to the authorized ranks only.
The core aspects of Identity and access management are:
Authentication: This is the verification of a user’s identity through the use of a user ID and password. In this process, organizations are protected from malicious attacks aimed at stealing confidential information. Access to digital assets is limited to the designated consumer.
Authorization: This involves the privileges and permissions granted to a consumer by the cloud service provider to access cloud services. Access to cloud-stored data is given only to authorized user IDs that provide the correct password set up by the user. These credentials are unique and complex to prevent illegal logins through the cracking of passwords or back doors to the system.
Accountability: This involves a holistic approach to determining the actions and behavior of an individual within a cloud system.
Security by Design: This highlights security protocols and measures implemented in a system to mitigate its vulnerabilities and make it impenetrable to viruses and malware.
Compliance: Cloud systems must comply with industry standards defined by expert organizations and consortia, ensuring top-notch service delivery through observance of these standards.
Segmentation: This involves partitioning data and resources into zones, ensuring accessibility to approved entities only.
Data Encryption: This ensures the encoding of vital data to prevent unauthorized access. This is a key measure in the mitigation of data breaches.
Automation: This involves automated processes that ensure continuous protection and monitoring of digital assets, implement new updates, and scan for threats.
Flexible Design: A cloud service system should be compatible with new entities or development without compromising existing security processes within the system.
Visible Design: This constitutes a detailed view of the activities or processes, initiated by an organization, taking place within a cloud system. It outlines
Auditing: This is a periodic analysis of a cloud vendor’s performance. It involves system and transaction controls, backup controls, data library procedures, data center security, contingency plans and system development standards.
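The authentication, authorization and accountability aspects listed under User Identity and Access Management, combined with segmentation into zones, can be seen working together in the following added example (not part of the original article). The AccessGate class, the user names, the "finance" zone and the permission names are all hypothetical.

```python
import hashlib
import hmac
import os

# Constructed sample: user names, zones and permissions are hypothetical.
def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AccessGate:
    def __init__(self):
        self.users = {}      # user_id -> (salt, password hash)
        self.grants = {}     # user_id -> {(zone, action), ...}
        self.audit_log = []  # accountability: one record per decision

    def register(self, user_id, password, grants):
        salt = os.urandom(16)
        self.users[user_id] = (salt, _hash(password, salt))
        self.grants[user_id] = set(grants)

    def authenticate(self, user_id, password):
        # Unknown users still cost one hash, so response time does not single them out.
        salt, stored = self.users.get(user_id, (b"\x00" * 16, b""))
        return hmac.compare_digest(_hash(password, salt), stored)

    def request(self, user_id, password, zone, action):
        # Authentication first, then authorization within the requested zone.
        if not self.authenticate(user_id, password):
            decision = "deny:authentication"
        elif (zone, action) not in self.grants.get(user_id, set()):
            decision = "deny:authorization"
        else:
            decision = "allow"
        # Every decision, allowed or denied, is recorded for later audit.
        self.audit_log.append((user_id, zone, action, decision))
        return decision

def demo():
    gate = AccessGate()
    gate.register("alice", "correct horse battery", {("finance", "read")})
    decisions = [
        gate.request("alice", "correct horse battery", "finance", "read"),
        gate.request("alice", "correct horse battery", "finance", "write"),
        gate.request("alice", "wrong password", "finance", "read"),
        gate.request("mallory", "anything", "finance", "read"),
    ]
    return decisions, gate.audit_log

if __name__ == "__main__":
    for record in demo()[1]:
        print(record)
```
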
Summary
Setting up a dependable cloud security strategy requires comprehensive foundational study, critical analysis and evaluation of a cloud system to bring to light weaknesses that may limit the proper functionality of a cloud service provider, as well as establish its stability. The security of a cloud system depends on its architecture, which is the design that embraces the structure of a cloud system and the risks facing it in a particular environment. In conclusion, a cloud system’s security and compliance should be backed up by relevant certifications, reliability, logging and audits to achieve an efficient protection service.
The foundations of a cloud security system, therefore, involve the inner workings of automated or user-initiated processes that counter threats to cloud security.