What Is
Cloud Security?
Cloud Security Definition
Cloud security is a family of security policies, procedures, tools, and technologies designed to protect users, sensitive data, apps, and infrastructure in cloud computing environments. The most comprehensive cloud security solutions span workloads, users, and software-as-a-service (SaaS) resources in the cloud to protect them from data breaches, malware, and other security threats.
Cloud environments, especially hybrid clouds that combine public clouds with remote or on-premises private data centers, are open to a host of vulnerabilities and attack vectors from both inside and outside. That’s why it’s critical to leverage access controls, multifactor authentication, data protection, encryption, configuration management, and more to keep them both accessible and secure.
Why Is Cloud Security Important?
The advent of remote work and cloud adoption has accelerated digital transformation, but as workforces, data, and cloud applications have become more distributed, legacy networking models—built around local workers and resources—have made them slower and less secure. To make up for their losses in security, productivity, and user satisfaction, organizations need to reconsider how they protecting their environments.
Ironically, many organizations cite security concerns as a primary reason not to move to the cloud. But today, in a complex economy driven by innovation—and shadowed by the growing business of cybercrime—organizations need the flexibility and scalability of cloud services, which can only be effectively secured by cloud security solutions that rise to meet the unique needs of the cloud.
How Does Cloud Security Work?
A cloud environment is only as secure as its weakest point, so effective cloud security means multiple technologies working together to protect data and applications from all angles. This often includes firewalls, identity and access management (IAM), segmentation, and encryption, though security needs can vary by the type of cloud deployment.
Rather than protecting a perimeter, cloud security protects resources and data individually. This means implementing more granular and specific security measures, such as cloud security posture management (CSPM), data protection, data security, and disaster recovery as well as a bevy of tools to meet compliance requirements.
What Is Cloud Computing?
Cloud computing, more often just “the cloud,” is increasingly dominant worldwide as a means of accessing applications, data, systems, and more over the internet, instead of only on local hardware or networks. It allows organizations to entrust some of their data, apps, and infrastructure to third parties, which manage and secure those resources to varying degrees depending on the service.
Cloud Service Types
SaaS offerings, cloud storage, and various platform and infrastructure services are available from public cloud service providers such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud.
Some organizations, such as government agencies and financial firms, adopt private clouds to better protect sensitive resources. All told, there are four subtypes of cloud infrastructure deployment as well as four main service models.
The four cloud deployment subtypes are:
- Private cloud: Dedicated infrastructure used by one organization and owned by a third party or the organization itself, which is responsible for all aspects of security management
- Public cloud: Infrastructure owned by a third party and shared among multiple organizations, which also share security responsibilities with the provider per the shared responsibility model
- Hybrid cloud: A combination of private and public deployment where an organization uses each for its strengths, such as scalability (public cloud) or stricter controls (private cloud)
- Multicloud: Shared infrastructure, generally used by organizations that need access to the same applications and/or have the same segmentation and privacy requirements (e.g., PCI DSS)
The four cloud service models are:
- Software as a service (SaaS): Complete software solutions delivered from the cloud, which can be free or paid (e.g., Google Docs)
- Platform as a service (PaaS): Cloud-delivered tools developers can use to build, test, and deploy applications in a scalable environment
- Infrastructure as a service (IaaS): Virtualized infrastructure, managed by a third party, onto which an organization can install software
- Functions as a service (FaaS): Similar to PaaS, but suited to individual functions of apps, which can be spun up or down very quickly (FaaS is also called serverless computing)
Security Risks of Cloud Computing
The cloud helps you build, deploy, use, and maintain resources in a flexible way. Because your organization isn’t responsible for the hardware, you can use as much of the cloud as you need without investing in more appliances to handle the scale.
However, when you move your resources off your network, perimeter-style defenses don’t work anymore, forcing you to re-evaluate how and where your employees work as well as how to most effectively identify security issues, mitigate vulnerabilities, block malware, and prevent data loss.
Cloud Security vs. Traditional Network Security
Network security stacks were designed to protect enterprise networks, not the cloud. They can’t provide the comprehensive cybersecurity and cloud data protection today’s cloud-based applications and mobile users need. To support business-critical SaaS apps (e.g., Microsoft 365) and handle other bandwidth-hungry services as well as more network traffic without added costs or complexity, you need a multitenant security platform that scales elastically. You’ll never get that with a traditional network security architecture.
The best way to secure apps, workloads, cloud data, and users—no matter where they connect—is to move security and access controls to the cloud. Cloud-based security is always up to date, able to protect your data and users from the latest ransomware and other sophisticated threats.
A comprehensive cloud security platform builds in security services and cloud access controls that give you visibility into all traffic moving across your distributed networks (cloud and on-premises). Through one interface, you can gain insight into every request—by user, location, server, and endpoint device around the world—in seconds. API integrations with other cloud service providers, such as those who offer SD-WAN, cloud access security broker (CASB), IAM, and endpoint protection services, further strengthen your security posture.
Why the Cloud Offers Better Protection Than Appliances
Protecting users with consistent and enforceable policies requires much more than simple URL or web filtering. That’s why thousands of organizations have already moved their IT security from appliances to security controls in the cloud. Here are some of the differences between appliance-based security and a cloud-delivered approach.
APPLIANCE-BASED SECURITY
CLOUD-BASED SECURITY
Enterprise-wide protection
APPLIANCE-BASED SECURITY
Requires security stacks at all egress points or backhauling traffic over costly MPLS links from branch offices and remote sites to DMZs. Mobile users go unprotected.
CLOUD-BASED SECURITY
Users get the same protection, whether they’re in the HQ, branch offices, on the road, or at home.
Integrated security
APPLIANCE-BASED SECURITY
Point appliances from different vendors work in isolation, so there’s no simple way to aggregate their data.
CLOUD-BASED SECURITY
Integrated security controls and cloud services correlate information to give you a complete picture of your entire network.
User experience
APPLIANCE-BASED SECURITY
Every appliance between your users and the internet causes latency. If users have to VPN into the data center, their experience is even worse.
CLOUD-BASED SECURITY
Zscaler provides fast local breakouts, and our single-scan multi-action technology enables our security services to scan simultaneously for faster performance.
IT complexity
APPLIANCE-BASED SECURITY
Deploying and maintaining appliances from multiple security vendors is expensive and difficult, requiring continuous patching, updates, and hardware upgrades.
CLOUD-BASED SECURITY
Cloud security consolidates point products into an integrated platform; there's no hardware or software to buy or manage.
Intelligence
APPLIANCE-BASED SECURITY
Point products generally apply a single technique to identify threats and pass the data on to the next appliance. Patches are applied as they become available.
CLOUD-BASED SECURITY
Cloud intelligence means that any time a threat is detected anywhere in the cloud, protection is deployed everywhere. Zscaler applies more than security updates to its cloud every day.
Value
APPLIANCE-BASED SECURITY
Appliances are expensive to buy and own, and as threats increase, you're forced to buy more of them.
CLOUD-BASED SECURITY
Zscaler moves security from capex to opex for about the price of a cup of coffee per user per month.
Cloud Security Solutions
Cloud security aims to protect more than just the perimeter, bringing security all the way down to the data. Some of the most common measures include:
- Identity and access management (IAM) to help provision access to resources in cloud environments. IAM also helps you prevent unauthorized access to data, apps, and infrastructure shared across clouds.
- Data loss prevention (DLP) to monitor and inspect data to prevent exfiltration. DLP is an essential element of cloud computing security that a traditional security model can’t carry out effectively.
- Data encryption to encode data so that attackers can’t interpret it without decrypting it. Encryption also helps establish trust and preserve anonymity, and is required by various privacy regulations worldwide.
- Security information and event management (SIEM) to analyze security logs in real time, giving your security team increased visibility over your cloud ecosystem.
These were the classic techniques for securing the cloud as it became mainstream. But threat actors are much more savvy now, and compliance requirements demand more from security and data protection than they did before. Cloud security has had to evolve to keep up.
How Is Cloud Security Evolving?
The cloud has changed the global technology landscape, and cloud security is changing along with it. More recently, we’ve seen this in the discourse around security service edge (SSE) and zero trust.
As a growing industry trend, SSE solves fundamental challenges related to remote work, the cloud, secure edge computing, and digital transformation, providing secure access to the internet, SaaS and cloud apps, and your organization’s private apps.
Zero trust, a key component of SSE, is also also seeing rapid adoption. Based on the idea that no user or entity should be inherently trusted, a zero trust approach grants access to data and applications based on specific context—identity, content, location, device, and more—while delivering enhanced user experiences.
Why Should You Embrace Zero Trust?
Endpoints, resources, and data are everywhere, and the benefits of the cloud are quickly overtaking reliance on on-premises technology. Securing cloud environments means investing in technologies that will prevent data breaches while helping users stay satisfied and productive, and today, zero trust is the only security paradigm today that can offer that.
According to Cybersecurity Insiders, 72% of organizations are prioritizing zero trust adoption. They understand that archaic, siloed security tools simply don’t have the capacity or scalability to protect all your cloud resources, wherever they’re being accessed from.
As you evaluate zero trust offerings, keep something in mind: any vendor can say they offer zero trust. Many vendors bolt a cloud platform onto a legacy network appliance and call it “cloud ready.” You need a partner with a zero trust solution that was built in the cloud, for the cloud.
How Zscaler Can Help
Zscaler takes the headache out of cloud workload security management. Part of the Zero Trust Exchange™, Zscaler Cloud Protection combines four natively integrated data protection solutions, enabling your organization to:
- Secure workload configurations and permissions with Zscaler Workload Posture
- Secure user access to private apps in the cloud with Zscaler Private Access
- Secure app-to-app connections with Zscaler Workload Communications
- Eliminate lateral threat movement with Zscaler Workload Segmentation
Working together, these solutions can help you eliminate up to 90% of your security policies and reduce your costs by 30% or more. Ultimately, you'll minimize your attack surface, simplify your security strategy with automation, and dramatically lower your security risk.
Zscaler Cloud Protection
Zscaler Cloud Protection secures cloud workloads without introducing operational complexity. With an innovative zero trust architecture, it automatically remediates security gaps and misconfigurations, minimizes the attack surface, secures user-to-app and app-to-app communications, and eliminates lateral threat movement, ultimately reducing business risk. Visit the Zscaler Cloud Protection page to learn more.
See the Difference for Yourself
Still using appliances for network security, and want to know if your company could be safer with cloud security? Take our free security preview test to find out how well you're protected against ransomware and other threats. It's a safe way to discover where you may have gaps in your security.
2022 Magic Quadrant for Security Service Edge
See the full report
Zscaler Cloud Protection at a Glance
Take a look
Securing Cloud Transformation with a Zero Trust Approach
Read the white paper
The 2020 State of Cloud (In)Security
Read the blog