Svg Vector Icons : Return to Glossary

What is cloud security?

Cloud security is a broad term encompassing the technology and best practices designed to protect data and information within a cloud architecture. Cloud security ensures data privacy, security, and compliance around data stored in the cloud. Because of cloud computing’s distributed and dynamic nature, there are unique considerations when it comes to securing data within the cloud. 

VMware vSphere Platinum - Getting Started Hands-on Lab

Start Here

Cloud security includes the security controls and process improvements that strengthen the system, warn of potential attackers, and detect incidents when they do occur. Cloud security considerations should also include a business continuity plan and data backup plan in case of a security breach or other catastrophe. There are various cloud security solutions for the public cloud, private cloud, and hybrid cloud involving a wide range of tools.

In public cloud environments, cloud security takes a shared responsibility model, meaning that the cloud provider is responsible for the security of hardware and software, while the customer is responsible for the security of their own assets, including virtual machines, applications, and data.

Why cloud security?

Cloud computing resources are distributed and highly interdependent, so a traditional approach to security (with an emphasis on traditional firewalls and securing the network perimeter) is no longer sufficient. Cloud computing makes dynamic use of shared resources automatically provisioning storage, network, and computing resources based on demand. In addition, cloud environments are increasingly connected, making it difficult to maintain a secure perimeter. While this less walled off approach has many advantages, it can also increase security risks by increasing the potential attack surface. The best cloud security plans allow companies to take advantage of cloud computing benefits while also minimizing the risks.

Cloud security considerations

In addition to these concerns, cloud computing creates a number of other unique security issues. It’s harder to identify users when virtual machines are constantly being spun up and addresses and ports are assigned dynamically. In addition, multitenant environments in public cloud environments mean that an organization’s data shares space with that of other organizations. Thus, it’s important for public cloud providers to keep tenants isolated.

Benefits of cloud security

Cloud security offers a variety of benefits, including:

  • Protection against attacks: A primary purpose of cloud security is to defend enterprises against hackers and distributed denial of service (DDoS) attacks.
  • Data security: Robust cloud security also protects sensitive data with precautions such as encryption to avoid information falling into the wrong hands. 
  • Improved availability: Many cloud security services offer live monitoring and support, which improves availability in addition to addressing security concerns.
  • Increased reliability: A thoughtful cloud security approach includes built-in redundancy, leading to a more reliable experience.
  • Regulatory compliance: It can be tough to ensure that a complex cloud architecture meets industry regulatory requirements. Cloud providers help ensure compliance by providing security and support.

How cloud security works?

Cloud security encompasses a broad range of tools and practices, so there’s no single explanation for how it works. The most important function of cloud security is to ensure that only authorized users access data stored in the cloud. Enterprises use a number of tools and strategies to achieve this, including:

  • Micro-segmentationThis security technique divides the data center into distinct security segments down to the individual workload level. This allows IT to define flexible security policies and minimizes the damage attackers can cause.
  • Next-generation firewalls: Smarter and more effective than a traditional firewall, a next-generation firewall uses application-aware filtering to keep out advanced threats.
  • Data encryption: This process encodes data so that a key is needed to decipher it, preventing it from falling into the wrong hands.
  • Threat intelligence, monitoring, and prevention: These capabilities scan all traffic to identify and block malware and other threats.

Cloud security best practices

In addition to these technologies, there are a number of things that enterprises can do to ensure cloud security. Enterprises should:

  • Know which aspects of cloud security they are responsible for, rather than assume that the cloud provider will handle everything.
  • Ensure visibility into the cloud architecture across the organization. 
  • Have a strong understanding of the cloud architecture, to help avoid security holes due to misconfiguration.
  • Disable unused ports and remove unnecessary processes and instances, since all of these can contribute to vulnerabilities.

Responsibility for cloud security is shared between cloud providers (which offer a number of security tools and services to customers) and the enterprise that the data belongs to. There are also many third-party solutions available to provide additional security and monitoring.

Why is cloud more secure than legacy systems?

It’s a common misconception that the cloud isn’t as secure as a legacy, on-premises system. After all, enterprises that store data on-premises have control over its security. But most businesses don’t have the kind of resources and expertise that the big public cloud providers do, and that can make the cloud more secure. It’s run by professionals, with all the advantages that implies:

  • Physical protection for data centers such as fences, guards, and security cameras
  • Cutting-edge cloud security technology such as micro-segmentation and AI-driven detection and response
  • The combined technical expertise of entire teams dedicated to securing data

Data breaches in the cloud have made headlines in recent years, but in the vast majority of cases, the breaches were a result of human error. Thus, it’s important for enterprises to take a proactive approach to securing data, rather than assuming the cloud provider will handle everything. Cloud infrastructure is complex and dynamic, and it requires a robust cloud security approach.

Related Topics
Application Security
Cloud Computing Infrastructure
Data Center Security
Cloud Migration
Private Cloud
Hybrid Cloud
Cloud Networking
Hybrid Cloud Security
Network Security

VMware Cloud Security related Products, Solutions, and Research