Understanding Cloud Security & Data Protection
These days a lot of organizations are moving to the cloud, but one thing every customer asks about is cloud security. They have many questions, such as: Is our data secure in a cloud environment? Is your data in the cloud hackable? Can your data be disclosed by the Cloud Service Provider?
Here I answer these questions and explain cloud security in that context.
Is your data secure in a cloud environment?
Yes, your data will be secure in a cloud environment if you design security solutions and configurations that make efficient use of the public cloud provider's features and third-party tools.
The amount of security configuration work you must do varies, depending on which cloud services you select and how sensitive your data is.
Security in the cloud follows a shared responsibility model between the customer and the Cloud Service Provider (CSP). CSPs are responsible for securing the infrastructure that supports the cloud (the hardware, software, networks, and facilities of their data centers), and you are responsible for anything you put on the cloud or connect to it (data, operating system, software, tools, licenses, access, credentials, authentication, encryption, etc.).
Is your data in the cloud hackable?
No, cloud systems are not hackable in terms of the technology, hardware and network services provided by the cloud provider. However, if the user does not configure security accurately, the resulting loopholes may lead to vulnerabilities in your cloud environment.
Can your data be disclosed by the Cloud Service Provider?
Your content/data will not be disclosed unless the service provider is required to do so to comply with the law of the country or a valid and binding order of a governmental or regulatory body. Unless prohibited from doing so, or unless there is a clear indication of illegal conduct in the use of the CSP's products or services, the CSP notifies customers before disclosing customer content so they can seek protection from disclosure.
To understand these and similar security concerns, you should first understand cloud security. Let's discuss what cloud security is and which domains we need to take care of from a cloud security point of view.
What is Cloud Security?
Every second, your information/data travels through the cloud and across different locations, networks and regions. We need to ensure it is not leaked while in transit from one place to another. Typically, firms are well versed in the physical and technical security of their on-premise data centers. Similarly, cloud services and infrastructure need to be secured to protect the confidentiality, integrity, and availability of your data or your clients' data.
In the cloud context, security is a shared responsibility between the Cloud Service Provider (CSP) and its users/customers. CSPs take care of the physical and logical security of the underlying hardware up to the hypervisor layer. However, anything above the operating system is the client's responsibility, because the customer owns the data and the service provider has no access to it. For some services, this split also varies with each cloud computing model.
Cloud security is all about leveraging security features and tools to design and build a secure cloud environment that protects the privacy and integrity of cloud customers and their data. It is a blend of technologies and policies designed to adhere to and regulate compliance rules and to protect the information, data, applications and infrastructure associated with cloud computing use.
Cloud Security Categories
From a cloud security perspective, the following domains or categories need to be considered while building a cloud environment.
- Physical Security
- Network security
- System Security
- Application Security
- Data Security
- Identity and Access management
- Security operations
The ownership of each type of security varies with each cloud model. You can see who is responsible for what in each cloud model in the image below.
- Physical Security – The protection of hardware, software, networks and data from physical actions and events that could cause serious loss or damage to an enterprise, agency or institution. CSPs are responsible for this security.
- Network Security – Includes data security in transit to and from the public cloud provider. It means designing and building the network configuration and its elements to allow secure access to cloud resources from your on-premise data centers, offices, the Internet, etc. This security is a shared responsibility between the CSP and the customer.
- System Security – This capability covers operating system hardening, protection and policy control. At the PaaS and SaaS levels, host security is transferred to the CSP.
- Application Security – Protecting the application running in the cloud is a shared responsibility. How application security is managed depends on the cloud model: for example, in SaaS the cloud provider manages the security of the application, while at the PaaS level the CSP manages platform security and the deployed application is the customer's responsibility.
- Data Security – This capability includes securing data in transit and at rest to avoid data loss and exposure.
- Identity and Access Management – This capability revolves around authentication, verification and authorization for cloud resources.
- Encryption – All communication between regions crosses public Internet infrastructure; therefore, appropriate encryption methods should be used to protect sensitive data.
- Security Operations – Governance and strategic direction on security policies, risk assessment and its maintenance.
How Do You Choose a Cloud Service Provider Considering Data Security, Information Security and Quality Assurance?
It depends on the data and its criticality in terms of sensitivity, availability and durability requirements. To choose the most reliable cloud service provider, we must consider the CSP's accreditations, security certifications and third-party audit assessment reports. All major cloud service providers share their policies and accreditations on data privacy, security, durability and availability on their respective portals under a valid non-disclosure agreement. These certifications are global and are achieved through periodic, rigorous external audits by accredited certification bodies based on NIST (National Industrial Security Program Operating Manual) global standards.
Some of the most popular Cloud Service Provider accreditations and certifications for cloud computing compliance and security are given in the attached article. Read it to understand the cloud accreditations and certifications that will help you choose the right Cloud Service Provider.