What is cloud security?
Cloud security, also known as cloud computing security, is an umbrella term that refers to the policies, controls and other technology used to protect data and other details involved in cloud computing.
(Cloud computing is provides shared resources and information to computers, smartphones, tablets and other devices on-demand.)
Threats to cloud security
In 2013, the Cloud Security Alliance released its “Notorious Nine,” a list of the top cloud-computing threats at that time.
The CSA was most concerned with data breaches, which have been a global threat to individuals and corporations.
Concerns over data breaches in the cloud have risen with wide-spread news of massive thefts.
Those include one that resulted in hackers gaining access to the personal and credit card information for millions of Target customers.
Other concerns noted by the CSA include the loss of data, the hijacking of services or accounts, dangerous “insiders” who could take advantage of the cloud.
Also, insecure interfaces, Denial of Service attacks, the abuse of cloud computer services, lack of a true understanding of cloud computing and risks, and threats involved with shared infrastructure.
Essentially, some security experts believe that cloud computing – or as you might know it, “The Cloud” – is largely insecure.
Others disagree, and believe the concern of using cloud services is based on a lack of controlling the information through an on-site server.
Others believe the cloud is feared because it’s not really understood.
Who is affected by cloud security?
There are two categories who must consider pros and cons of using the cloud: those that provide cloud services to customers, and customers themselves.
Customers could be individuals, organizations or corporations.
One issue to consider is control.
When you choose to use the cloud for storing your files, you won’t necessarily have the data stored on an internal server.
If personal, sensitive data is included in the files that are stored in the cloud, that could be put at risk.
The CSA has estimated insider attacks – attacks by employees who have access to the information – are the sixth-biggest threat with cloud services.
If your company uses cloud services, do you have security procedures in place to ensure employees can’t misuse the information, or even destroy it out of revenge in the future?
Are you able to constantly monitor cloud usage and look for suspicious activities that are occurring?
Forms of cloud security
Those using a cloud service should consider their network security and adopt preventative measures.
It’s also necessary to protect data being stored on the cloud.
Use encryption services to keep sensitive data secure and out of the hands of criminals who might use it for their own good.
Consider using methods of control that detect threats or attacks that might occur in the cloud.
There could also be corrective security controls to help limit the damage caused by a cloud attack.
One control to help correct an attack might be, for instance, a system that restores to backup files to help rebuild a system that was targeted by an attack.