Cloud Security

Cloud security is a broad term referring to the tools and processes organization’s use to protect assets and data stored in the cloud from cyber attacks and threats. This also includes data running in the cloud’s workloads, and anything housed in Software-as-a-Service (SaaS) applications.

There are different types of cloud computing categories under the umbrella of cloud security, including:

• Public cloud services (public provider), such as Software-as-a-Service (SaaS), Infrastructure-as-a-Service (Iaas), or Platform-as-a-Service (Paas). In these cases, the software may be owned by a third party, the hardware is run by others, and only the data is owned by the primary organization.
• Private cloud services (public provider), such as a corporation running email on G Suite rather than operating their own email servers. In this case, data and implementation may belong to the corporation, while the responsibility for the infrastructure is the provider’s.
• Private cloud services (internal staff), such as IT staff running applications and workloads on servers that aren’t housed elsewhere in the cloud. In this case, the provider may be responsible for the server’s operation, but internal IT staff owns what runs on the servers, including applications and data.
• Hybrid cloud service, which is perhaps the most common. It’s a hybrid environment that includes assets, applications, and data in each category.




The biggest challenge in a cloud security model is the difficulty of pinpointing who is responsible for securing what. Most security solutions advocate a shared responsibility model.