What is Cloud Computing Security?

Your Guide to Cloud Security

Cloud computing security can be a significant challenge for security teams, as well as other groups in IT and compliance. They have to deal with all the regular nuances of stresses of security as well as the added complexity of the cloud. It is possible to devise an effective cloud security strategy, however. Doing it right requires a strong combination of policies, processes, tools and people.

What is Cloud Computing Security?

Cloud security is comparable to traditional cybersecurity or information security, but with a couple of big differences. For one thing, there is no perimeter. This has been a long time coming, but with the cloud, an organization’s digital assets can be located pretty much anywhere. They can be sitting in public clouds like Amazon Web Services or in private cloud infrastructure. Within this seemingly borderless arena, employees or poorly-tracked outsiders can quickly—and sometimes invisibly—“spin up” and “spin down” resources like servers and databases.

There are also multiple entities involved in cloud security, with the cloud provider fielding its own security team. In these cases, the security responsibilities are divided between the cloud provider and the client. The client is on task for access control, data and application security. The cloud provider protects its own network and infrastructure. If a company uses Software-as-a-Service (SaaS) applications like Microsoft 365 or Salesforce.com, its data is in the hands of another corporation altogether.

Learn more about the client’s responsibilities in this shared security model.

Distributed, frenetic and multi-entity as the situation may be, cloud security comprises the same sphere of security work as its on-premises counterpart: access control and identity management, network security, data security, application security, DDoS mitigation, endpoint protection and so forth. Security teams must perform these workstreams and defend their digital assets, regardless of where they are hosted.

How Does Cloud Security Work?

Cloud security works in the same general way as traditional security, but cloud computing security must take the cloud’s distributed and multiple-entity nature into account. For example, with data security, the security team must have a map of where the organization’s data assets are deployed. From there, they must define and data security policies for these data assets. This is partly a matter of tooling, but it’s also an organizational issue. Someone has to be responsible and accountable for cloud data security. Patch management is similarly challenging. With the two-tier security model, the client is responsible for patching servers and applications in Infrastructure-as-a-Service (IaaS) scenarios.

Cloud security practitioners are often concerned with unknown activities occurring in the cloud. Shadow IT, for example, is a frequent problem. Line of Business (LOB) employees might set up a cloud-based service and use a credit card to establish a digital asset that is unknown to security and IT teams. In some cases, shadow IT exposes a company to risks by storing sensitive information on an insecure public infrastructure. Similarly, security policy enforcement can be nearly impossible if IT staffers are setting up digital assets in the cloud without adequate supervision. Even with good intentions, an employee can easily move confidential information to a cloud destination without adhering to any agreed-on security policies.

Is Cloud Computing Security Different Than Network Security?

Cloud computing security differs from network security in several important ways. They overlap, because securing cloud assets involves keeping networks secure. However, while network security is about preventing and monitoring unauthorized access, misuse, or modification of network accessible resources, cloud security is more comprehensive in scope. It covers everything in the cloud, including the networks that get users there. This latter point is worth underscoring, as reaching the cloud invariably means more than one network hop. Much of the time, users are traversing public networks to reach the cloud, especially with today’s work-from-home trend. Even with a Virtual Private Network (VPN), risks abound.

What is a Cloud Access Security Broker?

A Cloud Access Security Broker (CASB) is a piece of software that acts as a proxy between end users and cloud resources. It can literally be a software agent installed on the cloud, acting like a gatekeeper, or it can be agentless. Either way, it brokers secure access to data or applications that reside in the cloud. CASBs monitor user activity, handle access control and enforce cloud security policies. The most common use cases for CASB today involve SaaS solutions. A CASB is one of the core capabilities of Gartner’s Secure Access Service Edge (SASE) framework.

What Makes a Good Cloud Security Solution?

A good cloud security solution is one that enables effective, but efficient execution of all the various cloud security workloads, i.e., it must allow for a security team to stay on top of managing cloud access, defending cloud-based data from breaches and so forth. Team productivity is critical, so tools that can offer a unified view and control set are usually best. Additionally, cloud security tools need to be paired with security analytics engines and a team of security analysts (typically in a security operations center) for continuous 24/7 monitoring. These experts can act fast and respond per the customer’s rules of engagement, helping to accelerate risk mitigation.

What Cloud Security Solutions does Masergy offer?

Masergy offers a portfolio of cloud security solutions, which are available on a managed services basis:

• CASB—Masergy fields a fully-managed CASB solution that is powered by Forcepoint, Leader in the 2020 Gartner Magic Quadrant for CASBs. This approach provides enterprise-grade protection for SaaS apps, complementing Masergy’s fully managed security services. It delivers a comprehensive solution that proactively monitors and manages cloud application risk.
• Cloud Workload Protection—This is a turnkey managed cloud security service that protects multi-cloud environments and provides visibility and monitoring for IaaS and Platform-as-a-Service (PaaS) instances.
• Microsoft 365 Monitoring—Masergy’s monitoring service for Microsoft 365 (previously called Office 365) enables visibility into an organization’s Microsoft 365 security posture. It isolates malicious content and blocks attempts at data exfiltration.
• Cloud firewall—Powered by Gartner Magic Quadrant Leader Fortinet, Masergy’s Cloud Firewall solution leverages a purpose built solution to facilitate security-driven networking. Masergy has embedded Fortinet’s FortiGate hardware into every point of presence (POP) on its software-defined network (SDN), reaching all corners of the globe. The cloud firewall technology is also integrated into Masergy’s SD-WAN and security policies. This allows for consistent security policies across all SD-WAN devices and security alert metrics shown in a single portal.
• Secure Web Gateway—Also powered by Fortinet, the Secure Web Gateway is able to enforce corporate cybersecurity policies by filtering malicious internet traffic in real time, whether it’s coming from websites or cloud applications. The solution provides application-level security, protecting against web attacks with URL filtering. SSL inspection and granular web application policies create visibility and control over encrypted web traffic.
• Shadow IT Discovery— Shadow IT Discovery is part of Masergy’s Managed SD-WAN service. It automatically scans and identifies cloud-based SaaS applications running on an organization’s network.

But beyond just cloud security technologies, Masergy offers a comprehensive solution, giving clients the tools, security analytics, and real-time monitoring they need to leverage the cloud with confidence. Masergy’s technology platform monitors your entire IT environment – cloud and on-prem – ingesting more direct and third-party data to get a clearer, correlated picture of your security posture and risk. Using Masergy’s patented security analytics engine and Detection & Response services, our certified security analysts in three global security operations centers not only craft a prioritized threat response plan, they also act on it. Masergy’s end-to-end service is priced based on users, sites, and log sources. This way, your team can get back to business at a price that makes security more affordable.