
Cloud Security

What Is Cloud Security?

It is a collection of technologies, policies and measures used together to protect data and applications from the unique risks that occur in cloud services and managed service providers. It is not specific to a singular process or platform.

According to leading technology research firm Gartner, it means: “the processes, mechanisms and services used to control the security, compliance and other usage risks of cloud computing.” [1]

Performed correctly, it maintains the confidentiality, integrity and availability of key resources, but it requires up-to-date tools and tactics. Securing cloud operations is a dynamic strategy that can constantly adapt to the changing tactics of threat actors. It means keeping unwanted activity out of your cloud environment, but also monitoring and reacting to what is happening inside that environment, on your local devices, and between shared resources.

Securing a cloud operation is increasingly complex. Today, it is crucial to implement comprehensive, cloud-specific security measures, as mission-critical platforms and databases are increasingly entrusted to a variety of third-party cloud providers rather than handled in-house.


Why Is Cloud Security Important?

The importance of security in cloud computing is a direct result of the convenience and popularity of cloud computing itself.

“It is estimated that approximately half of enterprise workloads are in the public cloud today. This is forecast to increase to more than 45% in three years,” [2] according to the SANS Institute.

Cloud computing, often referred to as “the cloud,” is the delivery of computing services over the internet. The recent ability for enterprise storage, servers, and software to be accessed through the internet unlocked a host of valuable efficiencies, saving time and costs while facilitating non-disruptive, hyper-elastic scale. This makes cloud services extremely popular among firms looking for practicality and business value.

“The cloud offers a long list of well-known benefits; in particular, one that agencies should consider is that building zero-trust architectures, and more secure applications, can be easier in the cloud,” explains the US Cybersecurity and Infrastructure Security Agency, commonly known as CISA. [3]

The rise of hosted services, while powerful, also introduces new security challenges for businesses looking to protect sensitive data, detect possible threats, control access credentials, implement legal compliance measures, and continually scan for vulnerabilities.

As more trust is introduced in a technology stack, a more thorough set of defensive and mitigation techniques should be considered and implemented. It is important to prioritize security from the start and to make it a foundational piece of your cloud strategy.


How Does Cloud Security Work?

The Cloud Security Alliance (CSA) along with most working professionals in the cybersecurity industry follow a principle of shared responsibility:

  • The cloud service provider (CSP) is responsible for securing the underlying infrastructure, such as physical data centers, the network, and the virtualization layer.
  • You, the cloud service customer (CSC), are responsible for securing everything you put on top of that infrastructure, such as the operating system, applications, and data. This means configuring resources properly, managing access controls, and staying current with patches and updates.

The first step to understanding this shared responsibility principle is to recognize the different cloud service models available. Three of the most common service models are:

  • Software as a Service (SaaS) refers to using applications that are hosted and managed by a cloud provider, such as email, office suites, and CRM tools. For SaaS products, the CSP is responsible for most aspects of security, while you, the customer, handle only the security of user access, data, and configurations.
  • Platform as a Service (PaaS) refers to accessing pre-configured environments for developing, testing, and deploying applications. For PaaS products, the responsibilities are largely the same as with SaaS services, with you, the customer, also responsible for the security of any applications and code you develop on the platform.
  • Infrastructure as a Service (IaaS) refers to renting the basic building blocks of computing, such as virtual machines and storage. IaaS requires the most responsibility from you, the CSC: all of the responsibilities from the SaaS and PaaS models, plus securing all third-party runtime applications, middleware, and operating systems.

In many ways, a division of responsibilities is a natural result of the service offerings, but this overarching principle of shared responsibility ensures all aspects of security are being considered for the entire cloud technology stack. It reinforces the importance of a good client/provider relationship throughout.

“The key to effective cloud security is understanding the division of responsibilities in any cloud project. Knowing precisely who is responsible for what is crucial, regardless of specific security controls offered by CSPs. This understanding allows organizations to fill control gaps with their measures or consider alternative CSPs. A user’s ability to directly control security is very high for IaaS, and less so for SaaS.” [4] —Cloud Security Alliance


What Are Cloud Security Risks and Threats?

There is a difference between risks and threats in the world of cybersecurity:

  • Risks are a broad category of possibilities and refer to the potential negative outcomes (loss, damage, destruction) that could arise should an adversary exploit a vulnerability and breach your defenses.
  • Threats are more specific and refer to the potential actions and exploits that a threat actor could commit, i.e., the adversarial attacks themselves.

Threats are what could happen. Risks are what is vulnerable and at stake.

Some common risk factors for cloud environments include:

  • Inadequate strategy and architecture, lowering visibility and awareness due to unconsidered scenarios
  • Poor identity and credential management, leading to increased risk of unauthorized access
  • Out-of-date systems, including missing patches and critical vulnerability fixes
  • Lack of formal change control procedure, which increases the chance for key responsibilities to be overlooked and steps missed
  • Insecure development environments, interfaces, and APIs, which creates a porous, exploitable architecture involving third-party resources
  • Accidental cloud data leaks, leading to sensitive information being compromised and the potential for legal consequences
  • Misconfiguration of container workloads, one of many forms of human error that require consistent application of preventative measures to eliminate

Common threats to cloud environments include:

  • Data breaches, one of the most popular forms of cyberattack given that databases hold valuable financial information and login credentials
  • Insider threats posed by malicious employees or trusted partners with authorized credentials
  • Denial-of-Service (DoS) attacks from coordinated threat actors or automated bot scripts
  • Advanced Persistent Threats (APTs) such as organized crime syndicates or patient, sophisticated hackers working on long timelines

The business impact of risks and threats is not trivial. Loss of intellectual property (IP) and brand loyalty, for instance, benefits competitors and can lead to compromised product launches or loss of market share. There are also high costs associated with both legal and regulatory failures as well as any incident response and forensic investigation efforts following major breaches.

Cloud architecture is inherently internet-accessible, which makes it particularly vulnerable to attack if not built with a zero-trust, security-first architecture in mind at the outset.


What Activities Are Involved When Implementing Cloud Security?

The model of zero-trust security underpins all activities associated with properly securing and defending cloud environments from potential attacks.

First proposed in 2010 by Forrester Research analyst John Kindervag, this modern approach to IT security came as a direct result of the rise of internet-connected services and critical architecture associated with the cloud.

“Zero trust is a cloud security model designed to secure modern organizations by removing implicit trust and enforcing strict identity authentication and authorization,” explains Google in its service provider explainer on why it uses a zero-trust model. “Under zero trust, every user, device, and component is considered untrusted at all times, regardless of whether they are inside or outside of an organization’s network.” [5]

This leads to specific sets of actions to take, from the data up through the network itself and out to individual users and hardware:

  1. Database security measures involve encryption, backup, and disaster recovery
  2. Network security measures involve network segmentation, traffic monitoring and filtering, and Denial-of-Service (DoS) defense measures
  3. Access control measures involve implementing requirements around identity management such as authentication, authorization & permissions, password creation & management, and two-factor authentication (2FA)

Implementing proper security involves not just trust considerations but compliance as well. Firms must adhere to a growing number of regulatory requirements, which vary depending on industry, geographic location, and legal jurisdiction.

Examples of compliance requirements include the General Data Protection Regulation (GDPR) in the EU, California Consumer Privacy Act (CCPA) in the US, the Brazilian General Data Protection Law (LGPD), the Japan Act on the Protection of Personal Information, and the Australian Privacy Act. Each regulation applies to any users accessing your services from their specified jurisdictions, adding a distinctively global, internet-specific set of constraints to the network security landscape.


What Is the Process for Implementing Cloud Security?

Many organizations assume that a kind of ‘lift and shift’ approach to hosted security makes the most sense. This essentially means migrating existing databases, operating systems, and applications into a cloud environment and updating configurations based on the specific cloud service offering. Of course, a cloud environment is not the same as a traditional on-prem environment; new paradigms such as serverless computing and container virtualization demand new solutions altogether. A lift-and-shift can suffice, but in many cases a whole new security mindset is required to adapt to the changing, dynamic nature of cloud-based network architecture, operations, and control models.

That said, there is a standard workflow to every implementation that begins with reflection (auditing and analysis) before deciding, executing and testing:

  1. Identify security needs, vulnerabilities, and compliance requirements
  2. Research cloud service providers, services, and deployment models to make informed choices
  3. Define the appropriate architecture based on the providers chosen and needs identified
  4. Assess resulting security controls and gaps in the resulting architecture
  5. Introduce and implement missing control points based on the gap analysis
  6. Test controls and systems for effectiveness, reliability and interoperability
  7. Manage ongoing changes to internal and external environments and adapt accordingly

While this outlines a high-level process, it is a great place to start when preparing and planning regardless of the specific solution you choose.


What Types of Cloud Security Solutions Are Available?

There are many options when it comes to securing your cloud environment and particular needs. Broadly speaking, they tend to fall into one of the following categories, listed here in increasing level of complexity:

Identity and Access Management (IAM)

These tools control who has access to what, giving administrators a central place to manage access and permissions. They leverage tactics like role-based access control (RBAC) and multi-factor authentication and are usually set up to follow the least privilege principle (“A security principle that a system should restrict the access privileges of users to the minimum necessary to accomplish assigned tasks.” [6])
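The access control measures listed under the zero-trust model above (authentication, authorization and permissions, two-factor authentication) and the RBAC and least-privilege ideas in this section can be shown in one small policy evaluator. The following is an added example, not Forescout's code or any provider's IAM API: the role table, the set of MFA-gated actions, the device-posture flag and the sample requests are all constructed for the illustration.

```python
"""Zero-trust access decision with role-based, least-privilege
permissions and step-up MFA. Added illustration, not Forescout's or any
provider's code: the role table, the list of MFA-gated actions and the
sample requests are all constructed for the example.
"""
from dataclasses import dataclass, field

# Least-privilege role table (constructed): each role carries only the
# actions it needs, and there is deliberately no wildcard permission.
ROLE_PERMISSIONS = {
    "developer": {"repo:read", "repo:write", "logs:read"},
    "auditor": {"logs:read", "config:read"},
    "admin": {"config:read", "config:write", "users:manage"},
}

# Actions sensitive enough to require a verified second factor (assumption).
MFA_REQUIRED_ACTIONS = {"repo:write", "config:write", "users:manage"}


@dataclass
class Request:
    user: str
    roles: list
    action: str
    mfa_verified: bool
    device_compliant: bool   # managed, patched, disk encrypted, etc.
    network: str             # "corporate" or "internet"; recorded, never trusted


@dataclass
class Decision:
    allowed: bool
    reasons: list = field(default_factory=list)  # why a request was denied


def evaluate(req: Request) -> Decision:
    """Deny by default; every check must pass, and each failure is recorded."""
    reasons = []
    # 1. Device posture: a non-compliant device is refused no matter who is
    #    using it or where it connects from.
    if not req.device_compliant:
        reasons.append("device not compliant")
    # 2. Authorization: the union of the user's roles must explicitly grant
    #    the action; anything not listed is denied.
    granted = set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in req.roles))
    if req.action not in granted:
        reasons.append(f"action {req.action} not granted to roles {req.roles}")
    # 3. Step-up authentication for sensitive actions.
    if req.action in MFA_REQUIRED_ACTIONS and not req.mfa_verified:
        reasons.append("MFA required for this action")
    # req.network is deliberately not consulted: being "inside" the corporate
    # network earns no implicit trust under zero trust.
    return Decision(allowed=not reasons, reasons=reasons)


if __name__ == "__main__":
    samples = [
        Request("alice", ["developer"], "repo:read", False, True, "internet"),
        Request("alice", ["developer"], "repo:write", False, True, "corporate"),
        Request("bob", ["auditor"], "config:write", True, True, "corporate"),
        Request("carol", ["admin"], "config:write", True, False, "corporate"),
    ]
    for s in samples:
        d = evaluate(s)
        print(f"{s.user:6} {s.action:13} -> {'ALLOW' if d.allowed else 'DENY'} {d.reasons}")
```

Two design points are worth noting: the decision is deny-by-default (a role grants nothing it does not list), and every denial carries its reason, which is what makes the decision log useful to the SIEM and to an auditor later.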

Public Key Infrastructure (PKI)

The use of public key encryption and digital certificates in a cloud setting is crucial for ensuring the authenticity of server calls. This can also extend to the use of VPNs, which leverage encryption to create a secure connection over unsecured hosted routes.

Security Information and Event Management (SIEM)

These tools automate the process of monitoring, logging, and reporting threats as they occur, utilizing statistical models to detect unusual network activity. These persistent, always-on vulnerability scans form an essential part of any cloud environment and are sometimes bundled as Intrusion Detection & Prevention Systems (IDPS).
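What “monitoring, logging, and reporting threats as they occur” looks like in practice is a set of detection rules run over audit events. The block below is an added example, not Forescout's code or any provider's log schema: it runs three rules (a burst of failed console logins from one address, a successful login without MFA, and a success that follows such a burst) over constructed JSON log lines whose field names (time, user, event, outcome, source_ip, mfa) are an assumption loosely modelled on cloud console-login audit events.

```python
"""Three SIEM-style detection rules run over constructed cloud audit log
lines. Added example, not Forescout's or any provider's code: the JSON
line format (time, user, event, outcome, source_ip, mfa) is an assumption
loosely modelled on cloud console-login audit events, and every event
below is invented.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit log: five failures from one address in under a minute,
# then a success from the same address without MFA, plus benign noise.
SAMPLE_LOG = """\
{"time": "2024-05-01T09:00:01Z", "user": "alice", "event": "ConsoleLogin", "outcome": "failure", "source_ip": "203.0.113.7", "mfa": false}
{"time": "2024-05-01T09:00:09Z", "user": "alice", "event": "ConsoleLogin", "outcome": "failure", "source_ip": "203.0.113.7", "mfa": false}
{"time": "2024-05-01T09:00:15Z", "user": "bob", "event": "ConsoleLogin", "outcome": "success", "source_ip": "198.51.100.4", "mfa": true}
{"time": "2024-05-01T09:00:18Z", "user": "alice", "event": "ConsoleLogin", "outcome": "failure", "source_ip": "203.0.113.7", "mfa": false}
{"time": "2024-05-01T09:00:27Z", "user": "alice", "event": "ConsoleLogin", "outcome": "failure", "source_ip": "203.0.113.7", "mfa": false}
{"time": "2024-05-01T09:00:33Z", "user": "carol", "event": "ConsoleLogin", "outcome": "failure", "source_ip": "198.51.100.9", "mfa": false}
{"time": "2024-05-01T09:00:41Z", "user": "alice", "event": "ConsoleLogin", "outcome": "failure", "source_ip": "203.0.113.7", "mfa": false}
{"time": "2024-05-01T09:01:00Z", "user": "alice", "event": "ConsoleLogin", "outcome": "success", "source_ip": "203.0.113.7", "mfa": false}
{"time": "2024-05-01T09:02:10Z", "user": "bob", "event": "ListBuckets", "outcome": "success", "source_ip": "198.51.100.4", "mfa": true}
"""

FAIL_THRESHOLD = 5             # assumption: failures per source address ...
WINDOW = timedelta(minutes=5)  # ... within this sliding window


def parse(text: str) -> list:
    """Parse JSON lines into event dicts with real datetimes, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        e = json.loads(line)
        e["time"] = datetime.strptime(e["time"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(e)
    return sorted(events, key=lambda e: e["time"])


def detect(events: list) -> list:
    """Return (rule, source_ip, user) alerts, in the order they fire."""
    alerts = []
    recent_failures = defaultdict(list)   # source_ip -> failure timestamps in window
    for e in events:
        if e["event"] != "ConsoleLogin":
            continue
        ip, now = e["source_ip"], e["time"]
        # Drop failures that have aged out of the sliding window.
        recent_failures[ip] = [t for t in recent_failures[ip] if now - t <= WINDOW]
        if e["outcome"] == "failure":
            recent_failures[ip].append(now)
            # Rule 1: fire once, exactly when the threshold is reached.
            if len(recent_failures[ip]) == FAIL_THRESHOLD:
                alerts.append(("login_failure_burst", ip, e["user"]))
        else:
            # Rule 2: a successful console login with no second factor.
            if not e["mfa"]:
                alerts.append(("login_without_mfa", ip, e["user"]))
            # Rule 3: success following a burst of failures from the same
            # address is the classic sign of a guessed or sprayed password.
            if len(recent_failures[ip]) >= FAIL_THRESHOLD:
                alerts.append(("success_after_failure_burst", ip, e["user"]))
    return alerts


if __name__ == "__main__":
    for rule, ip, user in detect(parse(SAMPLE_LOG)):
        print(f"ALERT {rule:28} source={ip:14} user={user}")
```

Rule 3 is the one worth keeping: a failure burst on its own is noisy, but a success immediately after one from the same address is a strong signal that deserves a response such as forcing re-authentication and reviewing what that session did next.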

Cloud Security Posture Management (CSPM)

These tools are also a form of network security automation like SIEM, but instead of detecting active, aggressive threats from the outside, they identify misconfigurations, insecure interfaces, vulnerable components, and compliance violations within the cloud environment itself.
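The following block shows the kind of rule set a CSPM tool evaluates continuously, run here over a constructed asset inventory; it also carries one data-handling rule of the sort the DLP section below describes (confidential data may not sit in a public or unencrypted bucket). It is an added example, not Forescout's product or any provider's API: the inventory shape, the remote-admin port list, the supported-version baseline and the severities are assumptions made for the illustration.

```python
"""Posture checks over a constructed cloud resource inventory, as an
added example of what a CSPM (and, for the data rule, a DLP) tool does
automatically. Illustration code, not Forescout's product or any
provider's API; the inventory format, rule thresholds and compliance
baseline version are all assumptions made for the example.
"""
import ipaddress
from collections import Counter

# Constructed inventory, shaped like a cloud asset export.
INVENTORY = {
    "buckets": [
        {"name": "prod-logs", "public_read": False, "encryption": "aes256", "classification": "internal"},
        {"name": "marketing-assets", "public_read": True, "encryption": None, "classification": "public"},
        {"name": "customer-exports", "public_read": False, "encryption": None, "classification": "confidential"},
    ],
    "firewall_rules": [
        {"name": "web-sg", "port": 443, "source": "0.0.0.0/0"},
        {"name": "bastion-sg", "port": 22, "source": "0.0.0.0/0"},
        {"name": "db-sg", "port": 5432, "source": "10.0.0.0/8"},
    ],
    "databases": [
        {"name": "orders-db", "publicly_accessible": True, "encrypted": False, "engine_version": "11.2"},
    ],
}

ADMIN_PORTS = {22, 3389}       # assumption: remote-admin ports that must never face the internet
MIN_ENGINE_VERSION = (13, 0)   # assumption: the organisation's supported-version baseline


def is_open_to_world(cidr: str) -> bool:
    """True for 0.0.0.0/0 or ::/0, i.e. a rule that admits any source address."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def parse_version(v: str) -> tuple:
    return tuple(int(part) for part in v.split("."))


def scan(inventory: dict) -> list:
    """Return (severity, rule_id, resource, remediation) tuples."""
    findings = []
    for b in inventory["buckets"]:
        if b["public_read"]:
            findings.append(("HIGH", "bucket-public", b["name"], "disable public read access"))
        if b["encryption"] is None:
            findings.append(("MEDIUM", "bucket-unencrypted", b["name"], "enable encryption at rest"))
        # Data-handling rule (DLP-style): confidential data may not sit in a
        # bucket that is public or unencrypted, whatever the other rules say.
        if b["classification"] == "confidential" and (b["public_read"] or b["encryption"] is None):
            findings.append(("HIGH", "confidential-data-exposed", b["name"],
                             "move data to an encrypted, private bucket"))
    for r in inventory["firewall_rules"]:
        if r["port"] in ADMIN_PORTS and is_open_to_world(r["source"]):
            findings.append(("HIGH", "admin-port-open", r["name"],
                             f"restrict port {r['port']} to a bastion or VPN range"))
    for d in inventory["databases"]:
        if d["publicly_accessible"]:
            findings.append(("HIGH", "db-public", d["name"], "place the database on a private subnet"))
        if not d["encrypted"]:
            findings.append(("MEDIUM", "db-unencrypted", d["name"], "enable storage encryption"))
        if parse_version(d["engine_version"]) < MIN_ENGINE_VERSION:
            findings.append(("MEDIUM", "db-engine-outdated", d["name"],
                             "upgrade the engine to a supported version"))
    return findings


def summary(findings: list) -> Counter:
    """Count findings per severity, for a posture dashboard or report."""
    return Counter(sev for sev, *_ in findings)


if __name__ == "__main__":
    results = scan(INVENTORY)
    for sev, rule, res, fix in results:
        print(f"{sev:6} {rule:26} {res:18} -> {fix}")
    print(dict(summary(results)))
```

Note that port 443 open to the world on web-sg produces no finding: an internet-facing web tier is an expected configuration, and a posture tool that flags it trains administrators to ignore its output. The value of the scan is in the eight findings it does raise, each paired with the change that closes it.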

Data Loss Prevention (DLP)

These systems can be thought of as CSPM tools applied to data. They protect against insecure data access by implementing a set of policy protocols for how data can be handled and alert administrators when these protocols are not being followed. The alternative is for system admins to manually track and confirm that company policies are being followed, which becomes increasingly difficult as internal headcount and vendor relationships grow.

Secure Access Service Edge (SASE)

A concept first coined by Gartner in 2019, SASE is a centralized cloud security system that removes the need for individual legacy solutions to protect specific systems or components. It functions as an added layer in between your internal systems and the cloud and helps to bridge the gap between legacy devices and decentralized security architecture.


How Does Forescout Help?

Forescout’s cloud-native, security operations and analytics platform empowers your in-house or contracted security operations personnel to perform advanced asset intelligence management across any network or asset type. From threat detection and response to risk exposure and management, network security is our mission – regardless of system environment. The Forescout platform works across cloud, traditional IT and industrial operational technology environments. If it is critical infrastructure to you or your organization, Forescout gives superior asset intelligence and control.

The Forescout platform specializes in taking action and includes:

  • Continuous Monitoring: Forescout continuously monitors network assets, assessing their security posture in real time. It identifies any new devices joining the network and ensures they comply with security policies. This continuous monitoring helps detect and respond promptly to potential security threats.
  • Policy Enforcement: Forescout enables organizations to enforce security policies across the network. It can automatically apply predefined security policies or custom rules based on device characteristics, ensuring that devices comply with the organization’s security standards. This helps prevent unauthorized access and reduce the attack surface.
  • Automation and Orchestration: Forescout offers automation capabilities to streamline security processes. It can automate responses to security incidents, isolate compromised assets or trigger predefined actions based on policy violations. This automation helps in mitigating threats quickly and efficiently.
  • Risk Assessment: Forescout assesses the risk associated with each device on the network. It considers factors, such as device type, vulnerabilities, and security posture to assign risk scores. This information assists security teams in prioritizing their efforts and addressing the most critical security issues first.
  • Compliance Monitoring: For organizations with specific compliance requirements, Forescout helps monitor and enforce compliance with regulations and standards. It provides insights into the compliance status of assets, helping organizations adhere to industry-specific security and privacy standards.
  • Integration with Cybersecurity Ecosystem: Forescout integrates seamlessly with leading cloud security solutions, such as firewalls, endpoint protection, and SIEM (Security Information and Event Management) systems. This integration enhances overall security by facilitating coordinated responses to security incidents and ensuring a holistic defense strategy.

Experience the power of our platform’s advanced visibility, policy enforcement, and automation – schedule your demo today and fortify your cloud network against the challenges of the digital landscape.


[1] Gartner, “Cloud Security: Understand, Mitigate and Manage Risk Types,” https://www.gartner.com/en/cybersecurity/topics/cloud-security
[2] SANS Institute, “Cloud Security: First Principles and Future Opportunities,” 2024, https://www.sans.org/white-papers/cloud-security-first-principles-future-opportunities/
[3] Cybersecurity and Infrastructure Security Agency, “CISA Zero Trust Maturity Model,” 2021, https://www.cisa.gov/zero-trust-maturity-model
[4] Cloud Security Alliance, “Security Guidance: For Critical Areas of Focus in Cloud Computing v5,” 2024
[5] Google, “What is zero trust security?” https://cloud.google.com/learn/what-is-zero-trust
[6] NIST, Computer Security Resource Center Glossary, “Least Privilege,” https://csrc.nist.gov/glossary/term/least_privilege
