DevOps Glossary

Cloud Computing Security

What is Cloud Computing Security?

Cloud computing security refers to the technical discipline and processes that IT organizations use to secure their cloud-based infrastructure. Through a cloud service provider, IT organizations can outsource management of every aspect of the technology stack, including networking, servers, storage, virtualization, operating systems, middleware, runtime, data and applications. Cloud computing security includes the measures that IT organizations take to secure all of these components against cyber attacks, data theft and other threats.

Cloud Computing Security Controls

IT organizations and the cloud service providers they do business with share responsibility for implementing security controls to protect applications and data that are stored or deployed in the cloud. These controls include a variety of measures for reducing, mitigating or eliminating various types of risk: the creation of data recovery and business continuity plans, encrypting data, and controlling cloud access are all security controls.

While many types of cloud computing security controls exist, they generally fall into one of four categories.

Deterrent Controls - Deterrent controls are designed to discourage nefarious actors from attacking a cloud system. These controls may act as a warning that an attack will be met with consequences. Insider attacks are a source of risk for cloud service providers, so an example of a deterrent control could be a cloud service provider conducting criminal background checks on employees.

Preventive Controls - Preventive controls make the cloud environment more resilient to attacks by eliminating vulnerabilities. A preventive control could be writing a piece of code that disables inactive ports to ensure that there are no available entry points for hackers. Maintaining a strong user authentication system is another way of reducing vulnerability to attack.

Detective Controls - The purpose of detective controls is to identify and react to security threats and events. Intrusion detection software and network security monitoring tools are examples of detective controls - their role is to monitor the network to determine when an attack could be happening.

Corrective Controls - Corrective controls are activated in the event of a security attack. Their role is to limit the damage caused by the incident. A developer might write a piece of code so that when a certain type of threat is detected, data servers are disconnected from the network to prevent data theft.

Each type of security control plays a role in maintaining the overall security posture of a cloud computing system. A successful security operations team takes measures to deter attacks from happening, quickly detect attacks that do happen, limit their impact and ultimately restore function and stability to the cloud environment.
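As an added example (not part of the original page or any vendor's product), the following Python pairs a detective control with a corrective one: it scans constructed login events for a burst of failed logins from one source, notes any account that then logged in successfully from that source, and returns containment actions. The event format, the five-minute window, the threshold of five failures and the action names are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample login events (ISO time, source IP, user, outcome); not real data.
SAMPLE_EVENTS = (
    [(f"2024-05-01T10:0{i // 3}:{(i % 3) * 20:02d}", "203.0.113.7", "alice", "FAIL")
     for i in range(5)]                       # burst: 5 failures in 80 seconds
    + [("2024-05-01T10:01:40", "203.0.113.7", "alice", "OK"),   # then a success
       ("2024-05-01T10:02:00", "198.51.100.20", "bob", "FAIL"),  # ordinary typo
       ("2024-05-01T10:02:30", "198.51.100.20", "bob", "OK")]
    + [(f"2024-05-01T09:{m}:00", "192.0.2.50", "carol", "FAIL")
       for m in (10, 20, 30, 40, 50)]         # slow failures, outside the window
)

WINDOW = timedelta(minutes=5)  # assumed detection window
THRESHOLD = 5                  # assumed number of failures that counts as a burst

def detect(events, window=WINDOW, threshold=THRESHOLD):
    """Detective control: flag sources with `threshold` failures inside `window`
    and record accounts that later authenticate successfully from that source."""
    recent = defaultdict(deque)   # source -> timestamps of recent failures
    findings = {}                 # source -> {"compromised": set of users}
    for ts, src, user, outcome in sorted(events):   # ISO strings sort by time
        t = datetime.fromisoformat(ts)
        q = recent[src]
        while q and t - q[0] > window:   # drop failures older than the window
            q.popleft()
        if outcome == "FAIL":
            q.append(t)
            if len(q) >= threshold:
                findings.setdefault(src, {"compromised": set()})
        elif outcome == "OK" and src in findings:
            findings[src]["compromised"].add(user)
    return findings

def respond(findings):
    """Corrective control: turn findings into containment actions. Actions are
    returned as data; applying them to a firewall or identity provider is site-specific."""
    actions = []
    for src, finding in sorted(findings.items()):
        actions.append(("block_source", src))
        for user in sorted(finding["compromised"]):
            actions.append(("revoke_sessions", user))
    return actions
```

Only the burst source is flagged here; the single mistyped password and the slow, spread-out failures stay below the threshold, which is the trade-off a fixed window and count always make.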

Cloud Computing Security Issues and Challenges

As organizations deploy an increasing number of applications to the cloud and depend more on cloud service providers, cloud computing security is a growing concern for IT organizations. The proliferation of cloud services introduced new security issues and challenges that could not be addressed with traditional network security techniques. These are the core challenges driving innovation and technological adoption in cloud computing security today.

Data Protection in Cloud Environments

Organizations that choose to host sensitive data with a cloud service provider are losing control of physical access to the server. This creates additional security vulnerabilities because the organization can no longer play a role in determining who has physical access to the servers. An employee of the cloud service provider could access the data illegally, modify or copy it, and even distribute it to others. To prevent insider attacks, cloud service providers should conduct detailed employee background checks and maintain strict and transparent control of access to servers and IT infrastructure.

User Authentication and Access Management

Cloud services should be secured with a username and password, but there is always a risk that a nefarious actor could steal login credentials, gain unauthorized access to cloud services and steal or modify data. An attacker could also release malicious code into the system. Cloud service providers should implement a secure credentialing and access management system to ensure that customers are protected from these types of attacks.

Lack of Visibility of Cloud Services

One of the major challenges that IT organizations face in cloud computing security is a lack of visibility of applications and services that are deployed in cloud environments. A lack of visibility means that the IT organization cannot efficiently collect or aggregate information about the security status of applications and infrastructure that are deployed in the cloud. This can be due to having a high number of disparate systems working together, or due to a lack of transparency between the business and cloud service provider.

Lack of Control over Cloud Infrastructure

In legacy IT systems that are deployed and managed on-premises, IT organizations maintain complete control over every piece of IT infrastructure in the entire technology stack. In contrast, when an organization outsources part of its IT infrastructure to a cloud service provider, it necessarily gives up some control over how that infrastructure is deployed, managed and configured. This means that IT organizations must increasingly rely on their cloud services vendors to make administrative decisions that enforce a high security standard.

Lack of Transparency Between Business and Cloud Service Provider

Transparency is a major issue for organizations that:

  1. rely on cloud service providers for data storage AND
  2. operate in industries where data security and privacy is tightly regulated OR
  3. maintain a certification for information security

If your organization collects health or patient information in the United States, your company will be covered by the Health Insurance Portability and Accountability Act (HIPAA) of 1996. The HIPAA security and privacy rules establish legal requirements for companies to protect individuals' medical records and other personal health information.

Maintaining perpetual certainty of your compliance status with HIPAA is necessary to avoid the costly fines and penalties associated with non-compliance, but for organizations that use cloud services, it may be impossible to know for certain that the data is secure. How can you be sure that the data has not been replicated and stored on an unsecured server? How can you be sure that it was not compromised by an insider attack? How will you know if a hacker steals it from a server that you don't manage?

Vendors ultimately need to partner with trusted cloud service providers that have a track record of providing exceptional security and the resources to ensure that data can be fully protected.

Sumo Logic Helps You Secure Your Hybrid Cloud Environment

Sumo Logic's platform provides intelligent security analytics for your hybrid cloud environment, leveraging innovations in machine learning and big data to supercharge your threat detection, maintain compliance with mandatory privacy regulations such as the European GDPR and PCI DSS, and enhance your forensic investigation and incident response capabilities.

Sumo Logic aggregates event logs from applications, network components and IT infrastructure throughout your public, private or hybrid cloud environment. This data is collected into a single platform where it can be analyzed and correlated to identify potential security threats. Sumo Logic addresses and mitigates some of the most important challenges of cloud computing security, including helping IT organizations increase visibility and control of their cloud infrastructure and deployments.