What is Cloud Security?
Cloud security is the collective term for the strategy and solutions that protect a cloud infrastructure, and any service or application hosted within its environment, from cyber threats.
Cloud security often follows what is known as the “shared responsibility model.” A cloud service provider (CSP) — the business or entity that provides infrastructure as a service — must monitor and respond to security threats related to the cloud’s underlying infrastructure.
Meanwhile, end users, including individuals and companies, are responsible for protecting the data and other assets they store in the cloud from theft, leakage or other means of compromise.
For organizations that use a cloud-based model or are transitioning to the cloud, it is important to develop and deploy a comprehensive security strategy that is specifically designed to protect and defend cloud-based assets.
2021 CrowdStrike Global Threat Report
Download the 2021 Global Threat Report to uncover trends in attackers’ ever-evolving tactics, techniques, and procedures that our teams observed this past year.Download Now
How does Cloud Security Work?
As in a traditional security strategy, cloud security techniques can focus on prevention, detection or response. Measures include:
- Real-time, advanced monitoring, detection and response capabilities: Leveraging data, analytics, artificial intelligence (AI) and machine learning (ML) to generate a more precise view of network activity, better detect anomalies and respond to threats more quickly
- Multi-factor authentication: Confirming the user’s identity through two or more pieces of evidence
- Encryption: Encoding information from its original format to an alternative form
- Microsegmentation: Dividing an overall cloud network into smaller zones to maintain separate access to every part of the network and minimize damage in the event of a breach
Taken together, these security measures help ensure threats are effectively and efficiently contained and neutralized, which in turn allows organizations to reduce their “breakout time” — the critical window between when an intruder compromises an endpoint and when they move laterally to other parts of the network.
Types of Cloud Environments
Cloud environments fall into three categories: public, private or hybrid. Each of these cloud models serves the same purpose — to share computing resources across a network and enable the delivery of cloud-based services.
While location and ownership used to be the main points of differentiation for public, private and hybrid clouds, the lines between each of these categories have blurred, making it more difficult to categorize some modern infrastructure. Below is an overview of each environment, though it should be noted that the rapidly evolving technology landscape suggests these models will continue to blend over time.
A Public cloud can deliver and support technology services via the public internet through a third-party cloud service provider. Public cloud access is provided through a subscription or “as-a-service” model, where users pay the service provider to store information or host services on the cloud network. Examples of prominent public cloud providers include Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure.
Many organizations choose to use the public cloud because it offers the ability to scale quickly with minimal investment and maintenance costs. However, what the organization gains in potential savings, it sometimes compromises in privacy and control. This is due to a public cloud’s multi-tenancy, which means that each cloud user operates alongside other businesses or individuals. Because the cloud is a shared resource, a breach with one “tenant” could spread to others throughout the cloud. Each user’s security is dependent not only on their own security strategy and that of the cloud service provider, but also on those using the same cloud.
In general, companies should not rely on a public cloud to manage or process customers’ personal data, store financial information, complete transactions or perform any tasks that involve sensitive information.
Private clouds serve the same purpose as public clouds but are dedicated to just one customer. They provide a cloud infrastructure for exclusive use by one business, organization or government entity. Because the private cloud is not shared with any other users, this type of network tends to provide far greater control, privacy and security — as long as the user has adopted a comprehensive security strategy specifically designed for the cloud.
Private clouds are an ideal solution for any organization that must follow strict compliance mandates or that require complete control over their data. Government agencies, financial institutions, healthcare service providers and other large organizations that collect or store customers’ personal data should generally use private clouds to conduct business.
In the past, private clouds were owned and operated by the end user and sourced from the organization’s on-premises IT infrastructure. Today, private clouds are much more flexible and can be managed by the business, a third-party service provider or a combination of the two.
Hybrid clouds combine elements of private and public clouds to create a single IT environment. The crucial element in a hybrid model is that both private and public elements are seamlessly integrated into a single view, allowing the organization to monitor and review all activity from a central location.
With this model, organizations are often able to leverage the cost savings of a public cloud while maintaining a higher level of security for select functions through a private cloud. For example, in a hybrid model, a company can leverage a public cloud for high-volume, low-risk activity, such as hosting web-based applications like email or instant messaging, while a private cloud can be reserved for functions that require more security, such as processing payments or storing personal data.
Why Is Cloud Security Important?
The benefit of cloud computing is also its main drawback: Users can access cloud environments from anywhere with an internet connection — but so can cybercriminals and adversaries.
For businesses shifting to a cloud-based model, security is a top concern. Organizations must design and implement a comprehensive security solution to protect against an expanding array of threats and increasingly sophisticated attacks within the cloud environment. Traditional security strategies intended to protect on-premises hosted networks and associated assets must be revised to address the threats related to the cloud environment.
What Are the Security Risks Associated with Cloud Computing?
Security risks in the cloud can be attributed to four main issues: human error, misunderstanding the “shared responsibility” model, shadow IT and an inadequate security strategy.
Human error. The majority of breaches in the cloud are caused by human error. These errors can include misconfigured S3 (Amazon Simple Storage Services) buckets, which leave ports open to the public, or the use of insecure accounts or application programming interfaces (APIs). These errors transform cloud workloads into obvious targets that can be easily discovered with a simple web crawler. Because clouds typically don’t have perimeter security, these access points can then be exploited, often resulting in theft, service disruption and reputational harm.
Misunderstanding the “shared responsibility model,” i.e., runtime threats. In public clouds, much of the underlying infrastructure is secured by the cloud service provider. However, everything from the operating system to applications and data are the responsibility of the user. Unfortunately, this point can be misunderstood, leading to the assumption that cloud workloads are fully protected by the cloud service provider. This results in users unknowingly running workloads that are not fully protected, and adversaries can target the operating system and applications to obtain access. Even securely configured workloads can become a target at runtime, as they are vulnerable to zero-day exploits and unpatched vulnerabilities.
Shadow IT. Shadow IT, which refers to applications and infrastructure that are managed and utilized without the knowledge of the organization’s IT department, is another major issue in cloud environments. In many instances, DevOps contributes to this challenge, because the barrier to entering and using an asset in the cloud — whether it is a workload or a container — is extremely low. Developers can easily spawn workloads using their personal accounts. These unauthorized assets are a threat to the environment, as they often are not properly secured and are accessible via default passwords and configurations, which can be easily compromised.
Lack of cloud security strategy. As workloads move to the cloud, administrators continue trying to secure these assets the same way they secure servers in a private or an on-premises data center. Unfortunately, traditional data center security models are not suitable for the cloud. With today’s sophisticated, automated attacks, only advanced, integrated security can prevent successful breaches. It must secure the entire IT environment, including multi-cloud environments as well as the organization’s data centers and mobile users. A consistent, integrated approach that provides complete visibility and granular control across the entire organization reduces friction, minimizes business disruption and enables organizations to safely, confidently embrace the cloud.
How to Achieve Cloud Security
As a cybersecurity company that has built one of the biggest cloud architectures in the world, CrowdStrike has gained unique experience on what it takes to secure the cloud.
CrowdStrike relies on a three-pronged security strategy to guide its cloud security initiatives:
1. Focus on the adversary. In all areas of security, including the cloud, it is critical to understand adversaries: who they are, what they want, what they must accomplish to get it and how that maps to an attack surface.
2. Reduce the risk of exposure. Many organizations can drive down their risk of exposure by limiting their IT environment to what is needed to run the business. This includes continually searching for and removing unnecessary attack surfaces.
3. Monitor the attack surface. Organizations must constantly assess their attack surface and consider ways to improve visibility. This approach serves two purposes: 1) It makes it more challenging for adversaries to hide, and 2) it drives up cybercriminals’ attack costs.
For more information about CrowdStrike’s approach to cybersecurity, download our recent white paper: A Proven Approach to Cloud Workload Security. It covers some of the knowledge and experience the CrowdStrike® team has gained and shares key factors that make the cloud vulnerable to threats.
Want to see how the CrowdStrike Falcon Platform blocks malware? Start a free trial and see how it performs against live malware samples.