Cloud security is top of mind for most organizations leveraging cloud computing. The concept is simple, but the execution is complex and everchanging. Most importantly, the risks/rewards can be immense and long-lasting.
Eric Widener
Cybersecurity Director at Cloud Foundation
Let’s jump into cloud security basics.
Cloud security is the full scope of people, processes, policy and technical components that go into keeping a cloud environment secure from internal and external threats. A successful cloud security approach is a shared responsibility among customers and providers, and it should protect:
Cloud security is important because it protects organizational assets, which helps ensure the business interests and goals of cloud-enabled organizations are being met. An organization may be motivated to protect its cloud environment for a variety of reasons, all of which revolve around the principle that secure data is good business. Motivations may include:
Find out why Forrester recommends Hyland's Alfresco to modernize legacy ECM deployments and leverage cloud-first content, AI-driven insights and powerful process automation.
Standard best practices require cloud security to adopt a defense-in-depth strategy. This well-known approach to securing important assets, such as cloud data, means cloud providers deploy numerous, diverse defense tactics to provide full, dynamic coverage against attacks — both internal or external.
Innovative cloud providers use cloud automation to provide best-in-class security. Automation helps detect misconfigurations, monitor and enforce security protocols, drive updates, audit access logs and evolve to continually better meet an organization’s risk management goals.
A cloud provider should protect and back up data so it can be replicated in more than one place. This ensures your data in the cloud is available even if the datacenter site experiences a disaster, such as a flood, power outage or fire, as well as during a cyberattack. Geographically dispersed cloud datacenters help here.
Cloud computing security provides redundant configurations for critical systems and makes your critical data and content continuously available in the cloud, regardless of attacks or disasters.
Ideally, data segmentation across on-premise and cloud resources can help separate data and/or workflows. This can help prevent lateral attacks and improve compliance efforts. Additionally, it provides the opportunity to assign different security parameter and authentication rules depending on the data segment. In practice, this means data sets or content can only be accessed by users and hosts specifically approved to do so.
Cloud infrastructure with incident response capabilities such as automated cloud monitoring can save compliance fines, alert the team to threats before they succeed and speed security responses.
Data breaches cost organizations more than just time and money to respond to the attack. For those whose data gets exposed, their reputation and customer trust take a hit, too.
Cloud security infrastructure should meet all of your compliance needs, from SOC 2 to HIPAA, GDPR and ISO. Most cloud providers leverage a shared responsibility model to deliver cloud compliance.
Modern cloud environments can quickly scale security updates and protocols to keep your data safe against emerging or detected threats.
This video provides an overview of Hyland Cloud's layers of defense.
Cloud misconfiguration is the No. 1 cloud vulnerability, according to the National Security Agency (NSA). While the industry-wide cloud expert shortage contributes to this (there aren’t enough cloud experts to properly service all the cloud needs in the market), misunderstandings around shared responsibility arrangements also impact cloud security.
Unfortunately, cloud misconfiguration is a widespread problem that even unsophisticated bad actors can take advantage of.
Excessively privileged cloud identities allow bad actors to access the cloud environment and wreak havoc. Least-privilege protocols are needed to limit the systems that users and administrators can access to limit the scope of damage if credentials get compromised.
Brute force attacks, ransomware, supply chain attacks, falsified credentials — all these types of cyberattacks can become a threat to cloud security if best practices aren’t followed.
For cloud datacenters, organizations offload the responsibility of facility and server oversight to their cloud provider. Some organizations may feel they are losing control, but proven cloud providers such as Amazon Web Services (AWS) can offer a much greater level of data protection than less specialized organizations trying to do their own cloud management.
If organizations lack a clear view of the assets they have in the cloud, it’s difficult to keep them all secure.
Cloud service providers are innovating, modifying, updating and replacing their services with incredible speed. So quickly, in fact, that it can be difficult for even the most skilled cloud expert to keep up. New functionality is typically a strength in your technology, but in this case the added complexity can present as a security challenge as well.
Cloud computing is typically delivered via three models — infrastructure as a service (IaaS), platform as a service (PaaS) and software as a service (SaaS).
Security responsibilities differ among the three.
Major cloud infrastructure-as-a-service providers, such as AWS, Microsoft Azure or Google Cloud, lead the industry in cloud security. They have the expertise, physical structures and cloud security best practices in place to secure the cloud infrastructure they provide. IaaS partners, generally, are responsible for datacenters, hardware, network and failover.
PaaS solutions such as AWS Elastic Beanstalk, Salesforce Platform and Hyland’s Alfresco Digital Business Platform are cloud-native. PaaS customers accept a shared security responsibility model in which they, as a customer, must secure their data, application(s) and user accessibility; the PaaS provider is responsible for securing physical infrastructure and operating systems.
A SaaS solution such as Salesforce, SAP or Hyland’s OnBase provides security for the application. If the application is deployed with an IaaS partner, the IaaS partner holds the responsibility for keeping cloud infrastructure safe, as noted above. If the SaaS application is deployed on-premise or in a self-managed cloud environment, the responsibility for cloud security remains with the organization that subscribes to the application.
> Read more | IaaS vs. PaaS vs. SaaS: What’s the difference, and how do I choose?
Any time an organization partners with a third party, it’s important to vet them carefully. Their track record, customer retainment percentage, reputation in the industry, customer success support and more are all important.
When it comes to cloud security, the vetting is critical to both everyday and long-term success.
Luckily, there’s an industry standard for evaluating cloud services partners. The Standardized Information Gathering (SIG) Questionnaire was developed by Shared Assessments, an organization dedicated to developing the best practices, education and products for third-party risk assurance.
Most reputable cloud providers will have this questionnaire completed and ready to share. It covers 19 “domains” within a service provider’s environment:
Cloud security requirements and importance will only grow as more organizations migrate to and operate in the cloud, whether with IaaS, PaaS or SaaS deployments.
Organizations must take due diligence to prevent unauthorized access, data theft and other security issues. Selecting the right solution partners and providers is paramount.
Hyland is a leading content services provider with a range of cloud-enabled and cloud-native technologies, solutions and services. We take cloud security seriously because our customers demand it, and because it’s the right thing to do.
> Learn more | How ECM systems fortify digital security
Learn more about Hyland in the cloud:
Hyland is listed on the AWS Marketplace. Learn more about the benefits of purchasing there, including the ability to:
