What is Cloud Security?

Cloud Security can be defined as any process, system, or software designed to protect applications and data that are delivered or stored on a cloud based system. The primary difference between more traditional business security and cloud security is that cloud security has evolved to stop data or personal information theft in general, rather than simply protecting the assets that reside on-premise.

The primary shift that IT departments must face when considering a cloud security strategy is that protecting devices, data, and people becomes a collaborative effort between the IT function within an organization, and the provider of that cloud security solution.

What is included in Robust Cloud Security?

Cloud Security has evolved much in the last 5 years. Among the functions that are included in a robust cloud security environment:

• Identity Management
• Policy Management
• Content Filtering
• Authentication and Access Management
• Single Sign-On
• Data Protection or Replications

The Core Benefits of Cloud Security

Cloud security offers multiple layers of security such as sandboxing and dns protection, and can be managed in a single application via a web-based interface. This provides IT Security Specialists with several benefits, including more visibility into the overall security posture of the organization, the ability to control, monitor, and remediate security problems more quickly, and a reduced reliance upon appliance hardware to secure their organizations.

In an enterprise organization of 1000 or more employees, implementing cloud security can also reduce telecommunications and bandwidth costs for traffic inspection, particularly if the organization has two or more offices that are separated by large distances. If an enterprise organization is backhauling traffic 1000 miles or more, to and from an office with more than 100 workers, it is possible to fund cloud security simply by recouping these telco and backhaul costs.

For organizations with a large contingent of telecommuters or a mobile sales staff, cloud computing can also offer a greater level of security for users, even when those users are not connected directly to the company network. Some cloud products offer a low-resource client or agent that can protect users no matter where they are, and no matter what network to which they are connected. In this case, administrators can also adjust and push new policies, patches, or new settings to agent-controlled devices without the end-user needing to take any action. This is ideal for non-technical users who "just want to be protected", but don't possess the knowledge to enforce robust cloud security on their own behalf.

This combination of cost savings, greater visibility, better control over mobile devices, and a single pane of glass in which to manage cloud security has caused many organizations to adopt cloud inspired digital transformation projects to both reduce the cost of IT security and increase protection for cloud based applications, unmanaged devices, and access to the web via guest or unsecured networks.

The History of Cloud Security and Computing

At the turn of the 21st century, a new form of computing resource management came about: Virtualization. This new technology allowed an IT Administrator to build massive networks of virtual machines and provide reliable application and server access via the Internet. Starting in 2009, companies like VMware, Apple, Microsoft, Amazon, and Adobe started to provide services and applications in the cloud, and also provided cloud storage for users who were accessing those applications. In many cases, there was no need to install or store anything on a users' endpoint system, as the application itself was running on a cloud based service.

This shift to the cloud presented another challenge to IT Administrators and Security Specialists. Applications, data, user information, personal information, and company sensitive data were being increasingly stored in the cloud instead of the company network, and the hub-and-spoke security model started to crack under the pressure of cloud preference.

Security software and hardware providers then started that same shift: If cloud apps and data stored in the cloud were a security vulnerability, then cloud delivered cybersecurity was the solution to protect that data, no matter where it was located.

By 2014, security providers were delivering DNS protection, email security, content filtering, and various other tools via the cloud, which reduced the dependency on appliance hardware, brought down backhaul costs, and provided opportunity for companies who were using multiple security vendors to consolidate and migrate to the cloud.

By 2017, companies like Zscaler and OpenDNS had released fully-capable, cloud based Next Generation Firewall (NGFW) services that rivaled and even surpassed the capabilities of non cloud appliance hardware, at a greatly reduced cost. Not only could companies step away from the appliance carousel, they could potentially retire all of their security appliances. Companies with multiple offices who were backhauling traffic to the central office often realized tens or hundreds of thousands of savings yearly just in telco costs, because they no longer had to backhaul through the central office.

This shift to cloud computing happened fairly naturally. As companies' contracts for security appliances came up for refresh, many organizations would look to the cloud for similar functionality in a service, without having to maintain in-house hardware.

Continue Reading...

• What is Cloud Sandboxing and how does it work?
• Appliances or Cloud-Based SSL Inspection... which is best?
• Is a Secure Web Gateway and Content Filtering the same?
• What is DNS Protection and why is it a critical part of cloud cybersecurity?
• More cybersecurity topics.