Hello! Welcome back to this next TomCast from GuardSight; we are a tactical cybersecurity-as-a-service organization dedicated to helping businesses protect their data, their assets, and their endpoints.

Today’s discussion is going to center around cloud computing. What is the cloud? Succinctly, the cloud is someone else’s data center in which you store your data. For example, if subject A has a server, that is their system. If subject A provides subject B with services that reside on that server (storage, computing power, application access, etc.), that becomes subject B’s “cloud”.

Now, cloud computing and cloud services have unique acronyms. Let’s break down what those acronyms mean:

IaaS stands for Infrastructure as a Service. Ok, great, what does that mean? This is a cloud “offering” that provides compute, storage, and networking resources on demand. This is one of the more basic cloud services offered.

PaaS stands for Platform as a Service, and this service provides the ability for a customer to utilize a configurable bundle of services that makes up a computing platform.

SaaS stands for Software as a Service, and this means software which is hosted by a third party and delivered over the internet as a service. Think of a service like Microsoft Word Online or QuickBooks Online: the software is not installed on your local system, and you use it over the web.

Those are the three main cloud computing services, but as the cloud computing platforms continue to evolve, many more offerings are developing. Here are a few:

DRaaS – Disaster Recovery as a Service

STaaS – Storage as a Service

DaaS – Data as a Service

XaaS – Anything as a Service

While cloud computing continues to advance and more organizations look to the cloud for solutions, there is one particular area that, as with on-premises solutions, tends to be behind or lacking. That area is cloud security, or security in general. Many organizations presumed that when they moved their data or services to the cloud, the cloud providers provided security in some form or fashion. By now, well into the cloud computing era, many have realized this is not the case, but for our listeners out there let me reiterate: that is NOT THE CASE.

Here is a decent analogy for cloud computing platforms. Take Microsoft, for example. Let’s say Microsoft owns an apartment complex and you wish to rent an apartment from them. They are responsible for ensuring that the walls between apartments are solid to prevent access between them, but YOU are responsible for keeping your own apartment door locked to maintain the security of your belongings within the apartment.

Cloud instances are known as tenants; the cloud platforms ensure the tenants cannot access each other, but it is the responsibility of the tenant owner to secure their own data and other services they purchase. Cloud platforms are targets of many threat actors out there; scans are constantly being done to find those “unlocked doors”.

There are headlines almost every week about a misconfigured cloud instance or misconfigured cloud database that resulted in millions of compromised accounts. Organizations look at many cloud offerings as more convenient than some on-premises solutions, so they rush to adopt the cloud solution without performing proper analysis of the security aspects. This more often than not leads to a compromise or breach, which ends up costing the organization large sums.

If you are unfamiliar with ways to secure your data, reach out to a security professional BEFORE you move your data to the cloud so you can be prepared beforehand. Give the security professionals specific information (use cases, etc.) so they are able to determine the best ways for you to secure your cloud tenant. The extra time and due diligence on an effort like this will definitely pay off in the long run.

We here at GuardSight thank you for taking the time to listen to this TomCast. Please share this if you believe it would be of assistance to anyone in your contact list, and please provide us some feedback in the comments so we can continue to improve. Thanks!