More than often, people conflate the term “cloud” with the general Internet. Though it’s true that some of the parts making up the cloud are accessible via the Internet, the cloud and the Internet aren’t the same. Through cloud computing, companies, individuals and service providers can get the right amount of computing resources dynamically for their needs. They can access these application services over a network.
The three distinct types of cloud deployments include private, public and a hybrid of both. For the private cloud, the deployment takes place in the data center and under a proprietary network using certain cloud computing technologies. On the other hand, the public cloud is dynamically accessible to the users as requested under a free or pay-per-usage model. A hybrid cloud is a cloud computing environment relying on a combination of public cloud and private cloud services.
What is Cloud Computing Security?
Also known as cloud security, cloud computing security refers to a number of controls, technologies, and policies adopted to protect the applications, infrastructure, and data in the cloud. The practice resembles information security, network security, and computer security though it solely focuses on the cloud. The provider has the mandate of ensuring that the cloud computing infrastructure is secure for the safety of customers’ data. Consequently, the user needs to adopt authentication measures such as using strong passwords and Two-Factor Authentication.
Cloud Security Controls
With the correct defensive implementations in place, it’s easier to employ cloud security controls. The controls help address these issues that arise in cloud computing. They aim at preventing any weaknesses in the system and reducing the possible consequences of an attack. They are as follows:
Corrective controls help minimize the consequences of an incident by reducing the effects of the damage. You can employ them during or after an incident. An example of a corrective control can entail restoring system backups for you to rebuild a compromised system.
Preventive controls focus on strengthening a system against incidents. They also reduce and eliminate potential vulnerabilities. Using strong authentication on a cloud platform to prevent unauthorized users from accessing it is an example of a preventive control.
Detective controls aim at appropriately identifying and responding to any incidents that occur. You can rely on them to signal the corrective or preventative controls to address an issue a system faces. You can also rely on them to support the communications infrastructure.
With deterrent controls, you can reduce attacks on a cloud system by informing potential attackers that there will be adverse consequences for their actions. Deterrent controls are also a subset of preventive controls. You can adopt them by enactive punitive measures or penalties to punish unauthorized users.
As discussed above, cloud computing offers the users with capabilities to store and retrieve their data in different data centers. The three deployment models explained above include private, public and hybrid cloud. Furthermore, security concerns associated with cloud computing can affect the customers who store data on the cloud or use host application. They also affect the cloud providers who offer the infrastructure or platform for storing data.