ANEXIA

Cloud security in relation with cloud computing

Written on May 27, 2022 by Michael Hiess

In the early days of cloud computing, many companies were still hesitant to upload their data to a cloud. Reservations about cloud security were widespread. Today, cloud computing is taken for granted as much as electricity, which is available everywhere without anyone questioning where and how it is generated and what path it takes from the power plant to the socket.

 

What is cloud security?

The term cloud security refers to various procedures and technical solutions designed to prevent external and internal threats in the cloud computing environment. Cloud security is a topic that affects cloud providers and cloud customers to the same degree. Cloud computing has revolutionized the way business processes are conducted. Cloud providers usually offer a very high level of security measures to protect the data in the cloud. However, it is also important to be aware of the various risks and to take the right measures to ensure that cloud security is seamless.

Like any technological system on which value-creating business processes run, the cloud is also “vulnerable” and as its use increases, so does attention to security issues.

One of the main risks is unauthorized data access by third parties.

Cloud Security Basics

There are several security measures that any organization or user can take to protect their data in the cloud:

  • Use of strong passwords with multi-factor authentication (2FA).
  • Encryption of all data, both at the file-system level and in transit.
  • Implementing a backup strategy.

In addition to unexpected data loss (e.g., due to a provider’s bankruptcy, serious technical problems, or unannounced account lockouts), the main danger in cloud computing is unauthorized access by third parties. This includes the following examples:

Access by data thieves

Data thieves seek to capitalize on stolen data or to advance their careers. They target any type of information, from bank account numbers to complete user profiles and personal information, and steal any data they can get. Industrial espionage is also a common driver for data thieves.

Access by hackers and crackers

Hackers try to penetrate the security systems of public institutions or companies, primarily to demonstrate their special skills. After a successful hack, some hackers inform the administrators about the gap they used. Recently, however, a large proportion of hackers have been pursuing primarily criminal goals. This includes the infiltration of code to carry out ransomware attacks and subsequently extort the owners of the data. Malicious hackers are referred to as crackers in the professional world.

Access by government agencies

The NSA scandal has shown how easily U.S. intelligence agencies can access personal data. In unusual circumstances, other government agencies can also lawfully gain access to cloud data under a court order. As a result, government actors are also a potential risk factor for data security, as they can gain legal access. However, European legislation on the General Data Protection Regulation (GDPR) provides a very high level of privacy protection, so government access is very rare.

Access by employees

Both active and former employees of a company can become a security risk. Cloud providers can take many security measures to protect against external threats, but they can’t do anything about internal threats. Internal threats occur when people within the organization misuse or accidentally delete the data. Therefore, every organization should have careful identity and credential management, regardless of whether the IT is in the cloud or on-premise.

Individuals should only be able to access and edit data that is relevant to their position in the company (the least privilege principle). For this reason, role-specific authorizations must be regularly reviewed and questioned. If an employee leaves the company, all authorizations must be revoked on the date of exit. Internal security starts with reliable, error-free cloud management that is familiar with the complexity of its services and thus prevents outages and data loss.
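The review described above can be automated. The following is an added example, not code from the article or from Anexia: it compares an export of active grants against an HR roster and a role-to-permission map, and lists every grant that violates least privilege or belongs to someone who has left. All user names, roles, permission strings and dates are constructed sample data.

```python
from datetime import date

# Constructed sample data (not from the article): permissions each role needs.
ROLE_PERMISSIONS = {
    "accountant": {"invoices:read", "invoices:write"},
    "developer": {"repo:read", "repo:write", "staging:deploy"},
    "support": {"tickets:read", "tickets:write", "invoices:read"},
}

# Constructed HR roster: user -> (role, exit date or None if still employed).
ROSTER = {
    "alice": ("accountant", None),
    "bob": ("developer", date(2022, 4, 30)),
    "carol": ("support", None),
}

# Constructed export of the grants currently active in the cloud account.
GRANTS = [
    ("alice", "invoices:read"),
    ("alice", "invoices:write"),
    ("alice", "repo:write"),      # not needed by an accountant
    ("bob", "repo:write"),        # bob's exit date has passed
    ("carol", "tickets:read"),
    ("dave", "staging:deploy"),   # no HR record at all
]


def review_grants(grants, roster, role_permissions, today):
    """Return (user, permission, reason) for every grant that should be revoked."""
    findings = []
    for user, permission in grants:
        if user not in roster:
            findings.append((user, permission, "unknown identity"))
            continue
        role, exit_date = roster[user]
        if exit_date is not None and exit_date <= today:
            # Authorizations must be gone on the date of exit, not after it.
            findings.append((user, permission, "employee has left"))
        elif permission not in role_permissions.get(role, set()):
            findings.append((user, permission, f"not required for role {role}"))
    return findings


if __name__ == "__main__":
    for finding in review_grants(GRANTS, ROSTER, ROLE_PERMISSIONS, date(2022, 5, 27)):
        print(*finding, sep=" | ")
```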

Remedy by Cloud Access Security Broker (CASB)

A particularly time-saving approach to the secure use of cloud services is the use of a Cloud Access Security Broker (CASB). This is a software solution specifically designed to manage and secure cloud access. The CASB sits between users and the cloud service, managing their communications and acting as an external security gateway. Cloud Access Security Brokers serve as monitoring and management tools in the cloud, informing about unusual operations and determining what actions should be taken in case of a security alert.

Microsegmentation of workloads

Microsegmentation is increasingly being used in cloud security implementations. It involves dividing cloud deployments into numerous security segments, down to the level of individual workloads. With the help of flexible security policies and isolation of individual workloads, the damage in case of unauthorized access to data can be greatly limited.
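To make the damage-limiting effect concrete, the following added example (not code from the article or from Anexia) compares a flat network with a default-deny, per-workload policy and computes which workloads are exposed when one of them is breached. The workload names and allowed flows are hypothetical, and the model assumes exposure spreads along every allowed flow.

```python
from collections import deque

# Constructed workloads in one cloud deployment (names are hypothetical).
WORKLOADS = ["web", "api", "db", "billing", "billing-db", "backup"]

# Flat network: every workload may talk to every other one.
FLAT = {(s, d) for s in WORKLOADS for d in WORKLOADS if s != d}

# Microsegmented: default deny, only the flows the applications need.
SEGMENTED = {
    ("web", "api"),
    ("api", "db"),
    ("billing", "billing-db"),
    ("db", "backup"),
    ("billing-db", "backup"),
}


def reachable_from(start, allowed_flows):
    """Workloads exposed when `start` is breached, following allowed flows."""
    seen, queue = {start}, deque([start])
    while queue:
        src = queue.popleft()
        for s, d in allowed_flows:
            if s == src and d not in seen:
                seen.add(d)
                queue.append(d)
    return seen - {start}


def blast_radius(allowed_flows):
    """Map each workload to the sorted list of workloads it exposes."""
    return {w: sorted(reachable_from(w, allowed_flows)) for w in WORKLOADS}


if __name__ == "__main__":
    for name, policy in (("flat", FLAT), ("segmented", SEGMENTED)):
        print(name)
        for workload, exposed in blast_radius(policy).items():
            print(f"  {workload}: {exposed}")
```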

Restricted, physical access

Another important part of cloud security is physical security. This is a combination of various precautions that prevent direct, physical access to the hardware housed in the data center. Physical security includes measures such as securing direct access through security doors and biometric access systems, uninterruptible power supply, video surveillance, air and particle filtration, fire protection and more.

Cloud Security Summary

Any organization using cloud services should be aware that even small internal security errors or mishaps can have a major impact on cloud-based services, both in terms of data and operational security.

Cloud services are made up of numerous components, which must smoothly work together to provide the promised functionality. Cloud providers face the enormous challenge of providing a high level of technical sophistication to their customers, while maintaining a high level of usability and ensuring a professional level of cloud security.

Anexia is an active member of the Alliance for Cyber Security (ACS) of the German Federal Office for Information Security (BSI) and the international Cloud Security Alliance.
