Darktrace Glossary>Cloud Security

What is Cloud Security?

CONTENTS

Cloud security definition

Cloud security is the protection of information and services that companies are storing in their cloud-based environments. Cloud-based environments provide data storage and computing power that is owned by a third party where organizations can deploy and run their software applications outside of their local hardware systems.

Organizations are increasingly shifting to cloud-based storage for their digital information because cloud-based storage allows ubiquitous access to company data through the internet. This shift to cloud environments is also known as “cloud migration”. While cloud technology enables enterprises to increase productivity, they are also at risk of new forms of cyber threats that are aimed at information stored in the cloud.

What are cloud computing services?

Cloud computing services are a computational service provided by a third party ISV to help organizations run their business operations. Shifting to cloud-based operations allows enterprises to off-load tasks that are time consuming for their IT teams. Popular cloud computing services:

IaaS (Infrastructure-as-a-Service)

Provides on demand, pay-as-you-go virtualized computing services, network, and storage resources.

PaaS (Platform-as-a-Service)

PaaS includes operating systems and database management and development tools that developers need to build and run applications.  

SaaS (Software-as-a-Service)

SaaS is an application delivery model that allows users to access data and conduct work activity via an application that is accessible over the internet.

Why is cloud security important?

Cloud migration represents a shift to a more accessible and productive work environment by moving digital data into the cloud environments that are managed by third parties like Microsoft and Amazon Web Services. However, anytime methods change in a digital infrastructure there emerge new forms of cyber threats.  

While third-party providers have security measures in place for their services, asset management and accountability still play a major role for enterprises using cloud services.  

Cloud security involves solutions that allow you to use these third-party providers safely and bring additional visibility to avoid any additional cyber risk it might cause your organization.

Cloud security challenges?

Lack of visibility

Organizations adopting cloud-based services should maintain visibility across their user accounts and groups. This can be difficult because the activity happens outside the corporate network. Without a security solution that offers integrations with your specific cloud provider, incidents like account takeover compromises can be difficult for security teams to identify.

Shadow IT

Shadow IT is the exposure of an organization’s digital systems, like software, devices and applications, outside the control or knowledge of the IT department. Because digital activity in the cloud takes place outside the organizations network, cloud shadow IT poses a threat to business continuity given that these services can be accessed anywhere through the internet.

Compliance

Compliance, even when using a cloud-service provider, is still the responsibility of the user organization. It is important for the security team to be aware of the regulatory requirements in place for data privacy and overall security without heavily relying on the cloud-service provider.

Misconfiguration

These are vulnerabilities in your systems such as unpatched networks that an attacker can use to breach your systems. Misconfiguration accounts for a significant amount of security breaches in cloud environments. Common cloud misconfigurations are leaving unrestricted inbound or outbound ports, disabling monitoring or logging, opening ICMP access.

External sharing of data

When data is shared with third-party service providers, data has the potential to be intercepted or compromised. Encryption of sensitive data and appropriate data management tools will allow organizations to accommodate for any risk external data sharing poses to their organizations.  

Cyber threats facing the cloud?

When organizations move their data to cloud environments, they are creating a new landscape with respective vectors for cyber criminals to attack. Having visibility on these cloud systems is paramount to reducing the risk of a successful cyber-attack.  

Account takeover

Account takeover, account takeover fraud, or account compromise refers to a cyber-criminal gaining control of a legitimate business account. This can happen when a threat actor successfully obtains an individual’s login credentials. Account takeover can be detrimental to business operations at any organization because with a legitimate account, attackers can operate covertly, have a stamp of credibility, and authority depending on whose account is compromised.

Insider threat

Insider threats are individuals within an organization that pose a threat to cyber security. This can also take the form of human error through unintentional insider threats, for example, accidental data leakage. Threats like these make it crucial to have awareness of user activity and have incident response procedures in place.

Misconfiguration

These are vulnerabilities in your systems such as unpatched networks that an attacker can use to breach your systems. Misconfiguration accounts for a significant amount of security breaches in cloud environments. Common cloud misconfigurations are leaving unrestricted inbound or outbound ports, disabling monitoring or logging, opening ICMP access.

How to stop cloud based cyber attacks?

Cloud environments are hosted by 3rd parties that have their own security posture. However, it is still vital for organizations to develop a monitoring system that allows them to keep track of user accounts and other digital assets that might be at risk of a cyber-attack in the cloud and throughout their digital ecosystem. To do this, choose a security solution that provides integration capabilities to your desired cloud infrastructure, with visibility of your digital assets, and can detect and response capabilities for threats aimed at your cloud environment.

Cloud cyber security

Darktrace/Cloud is powered by Self-Learning AI, which learns an organization’s normal business operations so it can recognize subtle deviations that indicate a cyber-attack. In this way, Darktrace offers highly bespoke security solutions that can be deployed anywhere a company has data, including standard cloud deployments, as well as serverless deployments and microservices. 

Darktrace/Cloud provides total visibility of an organization’s data in a single pane of glass. It analyzes network data in the cloud alongside control pane events. It covers IaaS, PaaS, and SaaS to regain control over single and multi-cloud infrastructure. Not only can it identify emerging threats across these areas, but it can also take targeted, proportionate action to autonomously neutralize cyber-attacks, without disrupting business. 

With all these capabilities, Darktrace can protect organizations from major threats to data security. For example, Darktrace/Cloud can detect data exfiltration and insider threats, protecting sensitive information stored in the cloud. It can identify unusual data downloads and when it detects a suspicious data flow in Kubernetes cluster, it can contain it. Finally, since Darktrace/Cloud’s AI grows with each business’s data, it benefits organizations at all stages of their cloud journeys. 

Related glossary terms

Integrated Cloud Email Security (ICES)
Cloud Email

Featured Resources

View all resources
Data Sheet
Why Darktrace?
White Paper
A CISO's Guide to Email Security 2023
Blog
Integrating Email Security to Build a Posture Greater Than the Sum of Its Parts
Blog
A Shifting Email Conversation: Email Security is Stuck Looking to the Past