Cloud Security can be defined as any process, system, or software designed to protect applications and data that are delivered or stored on a cloud-based system. The primary difference between more traditional business security and cloud security is that the organizational strategy to protect applications and data must evolve to stop data or personal information theft in general, rather than simply protecting the assets that reside on-premise.
The primary shift that IT departments must face when considering a cloud security strategy is that protecting devices, data, and people becomes a collaborative effort between the IT function within an organization and the provider of the cloud security solution.
What is included in a Robust Cloud Security Solution?
Cloud Security solutions have evolved much in the last 5 years. The functions included in a robust cloud security solution include:
- Identity Management
- Policy Management
- Content Filtering
- Authentication and Access Management
- Single Sign-On
- Data Protection or Replications
The Core Benefits of Cloud Computing Security
Cloud security offers multiple layers of security, such as sandboxing and DNS protection, and can be managed in a single application via a web-based interface. This provides IT Security Specialists with several benefits, including more visibility into the overall security posture of the organization, the ability to control, monitor, and remediate security problems more quickly, and a reduced reliance on appliance hardware for network security at their organizations.
In an enterprise organization of 1000 or more employees, cloud security solutions can also reduce telecommunications and bandwidth costs for traffic inspection, particularly if the organization has two or more offices that are separated by large distances. If an enterprise organization is backhauling traffic 1000 miles or more, to and from an office with more than 100 workers, it is possible to fund the entire cloud security solution simply by recouping these telco and backhaul costs.
For organizations with a large contingent of telecommuters or a mobile sales staff, cloud computing security can also offer a greater level of security for users, even when those users are not connected directly to the company network. Some cloud solutions offer a low-resource client or agent that can protect users no matter where they are and no matter which network they are connected to. In this case, administrators can also adjust and push new policies, patches, or new settings to agent-controlled devices without the end-user needing to take any action. This is an ideal solution for non-technical users who "just want to be protected" but don't possess the knowledge to enforce robust cloud security on their own behalf.
This combination of cost savings, greater visibility, better control over mobile devices, and a single pane of glass in which to manage cloud security has caused many organizations to adopt digital transformation projects to both reduce the cost of IT security and increase protection for cloud-based applications, unmanaged devices, and access to the web via guest or unsecured networks.
The Evolution of Cloud Computing and Security
At the turn of the 21st century, a new form of computing resource management came about: Virtualization. This new technology allowed an IT Administrator to build massive networks of virtual machines and provide reliable application and server access via the Internet. Starting in 2009, companies like VMware, Apple, Microsoft, Amazon, and Adobe started to provide services and applications in the cloud, and also provided storage for users who were accessing those applications. In many cases, there was no need to install or store anything on a user's endpoint system, as the application itself was running on a cloud-based service.
This shift to the cloud presented another challenge to IT Administrators and Security Specialists. Applications, data, user information, personal information, and company sensitive data were being increasingly stored in the cloud instead of the company network, and the hub-and-spoke security model started to crack under the pressure.
Security software and hardware providers then started that same shift: if cloud apps and data were a security vulnerability, then cloud-delivered cybersecurity was the solution to protect that data, no matter where it was located.
By 2014, security providers were delivering DNS protection, email security, content filtering, and various other tools via the cloud, which reduced the dependency on appliance hardware, brought down backhaul costs, and provided opportunity for companies who were using multiple security vendors to consolidate.
By 2017, companies like Zscaler and OpenDNS had released fully capable, cloud-based Next Generation Firewall (NGFW) services that rivaled and even surpassed the capabilities of appliance hardware, at a greatly reduced cost. Not only could companies step away from the appliance carousel, they could potentially retire all of their security appliances. Companies with multiple offices who were backhauling traffic to the central office often realized tens or hundreds of thousands in savings yearly just in telco costs, because they no longer had to backhaul through the central office.
This shift to Cloud Computing Security happened fairly naturally. As companies' contracts for security appliances came up for refresh, many organizations would look to the cloud for similar functionality in a service, without having to maintain in-house hardware.