
Cloud Security

What You Need to Know

What Is Cloud Security?

These days, cloud computing is ubiquitous. What started so many years ago as a theoretical concept now touches our everyday lives. Whether you're streaming music, binging Netflix, or catching up on email, the cloud is now a part of normal life.

In layman's terms, the cloud is an off-site method of data storage whose physical servers are usually managed by a third party. Cloud security, then, is the method of ensuring the data in the cloud is protected.

As cloud adoption grows, so does cloud complexity. Is traditional security architecture keeping up? Are you maintaining information security visibility? And if not, what are the solutions that can keep pace? Before we get into proper methods of defense, let’s examine the various types of cloud environments that can cause all this complexity. Then, let’s explore the conditions surrounding the cloud security dilemma and dig into the strategies and technologies that really work for securing the cloud—without stretching your budget.

Cloud computing is the collection of servers that hold information in an off-premises data center. When speaking of cloud security, the two key concepts are the security of the cloud itself and the security of the data in the cloud. The division of duties between those two is known as the “Shared Responsibility Model.”

Types of Cloud Environments

There are three main types of cloud environments: public cloud, private third-party, and private in-house.

The differences between the three types lie in who is responsible for what. A combination of these approaches is often called a hybrid or multi-cloud environment.

Public Cloud

If you use Google Docs, you’re using a public cloud: many organizations and individuals have access to it, it’s hosted by a third party, and you’re in a shared-responsibility security model (more about that later). You could have data stored on the same servers as others, although your data is hidden from view. Essentially, it’s like renting an apartment.

Private, Third-Party Cloud

If public clouds are like renting an apartment, private third-party clouds are like renting a house. The hardware and software can reside either offsite or on-prem with the customer but are still managed by a vendor (the landlord). The difference is, you get the whole thing to yourself, unlike the multitenancy of public clouds. It’s good for organizations that don’t have the necessary IT personnel to manage and secure cloud functions.

Private, In-House Cloud

Having a private, in-house cloud is like buying a house, and is great for organizations with a lot of virtualized resources or who have recently upgraded their hardware. These clouds are built over existing architecture, often over VMware infrastructure. You, the owner, are entirely responsible for your security here, and many opt for third-party private cloud management tools to assist.

Hybrid Cloud

Hybrid cloud models mix public and private clouds, or cloud with on-premises applications. Multi-cloud models combine various cloud models only. According to a recent survey of 750 enterprise cloud decision-makers, 93% had a multi-cloud strategy. With the complications of both “buying” and “renting,” it’s easy to see why total hybrid or multi-cloud security is often difficult to organize and achieve. It’s important to have a solution that can unify threat protection across them all.

Cloud Services

XaaS in the Cloud

Driven largely by the persistent shortage of cyber talent, businesses are switching to more cost-effective and efficient as-a-Service offerings in the cloud.

XaaS offerings provide flexibility, often an upgraded or expanded security team, and security tools that smaller businesses may not otherwise be able to afford. Here are some examples of XaaS solutions you’ll find in the cloud.

Software-as-a-Service

You don’t buy the software—you “rent” its use and the provider owns the infrastructure.

Platform-as-a-Service

PaaS provides middleware, or application infrastructure, for a fee.

Infrastructure-as-a-Service

IaaS is a highly structured offering that provides automated computing resources (owned by the provider), along with networking capabilities and storage.


Shared Responsibility Model

Here, controls are shared between cloud provider and customer. The public cloud provider owns security of the cloud, while you’re responsible for the security of what happens in it. For example, the provider maintains the requirements for the infrastructure, and you as the customer provide your own control implementation within that infrastructure. This and other security policies can change based on which platform you use: Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP).

Provider's Responsibility

In this model, it’s all outsourced. Your provider is fully responsible for securing all infrastructure (software, hardware, networking, facilities) comprising their public cloud services. AWS Cloud Services is an example of this type of security model.

Customer's Responsibility

You are fully in charge of the security of your resources—cloud, on-prem, and all identities. No matter which type of deployment is used, you always own your access management, data, endpoints, and account.

It’s important to know which cloud-native tools are needed to properly secure each of those platforms, such as those required for AWS cloud security monitoring. Here are some specific use cases, using AWS as an example:

Patch management:

AWS patches its infrastructure. The customer patches their guest OS and apps.

Configuration management:

AWS configures its infrastructure devices. The customer configures their guest OS, apps, and databases.

Awareness and training:

AWS trains its employees, the customer trains their own.

Challenges of Cloud Security

As the industry faces a cyber talent crisis and XaaS solutions abound, migrating services to the cloud seems both attractive and affordable—and it is. In a survey of how enterprises would respond to the worker shortage, 37% said they will use cloud service providers. And that makes sense, given there are myriad benefits to cloud migration, such as cost-savings, built-in backup, and central management tools.

However, cloud growth has come with a few inherent problems. “Technological innovation is partly to blame for [the cloud security] situation. The adoption of disruptive technologies like cloud computing and hybrid IT have moved sensitive data beyond the enterprise’s corporate network, requiring new access models and data security considerations as the traditional network perimeter deteriorates.”

In other words, as technologies advance, they become more entangled and harder to see into, while at the same time the threat landscape continues to proliferate and evolve. So, you have fewer cyber talents working in more complex cloud environments with even less visibility. Ouch.


Multi-Cloud Environments

These challenges become even more difficult when stretched across multiple cloud deployments. Multi-cloud visibility is notoriously difficult to improve and maintain.

“Not only have enterprises accelerated their shift to the cloud in recent years, but they have also leapfrogged into multi-cloud security environments. With this transition comes a challenge: Maintaining visibility.” This leads to cloud security breaches, which make for popular headlines. However, there seems to be a lot of fuzziness surrounding what really went wrong in there—“a ‘misconfigured database’ or mismanagement by an unnamed ‘third party’” are ambiguous headlines belying a lack of knowledge. And all too often, the companies themselves don’t know.

Lack of understanding about where in the cloud you’re having issues seems to be one of the prime culprits of insufficient cloud security controls. You can’t defend what you can’t see. However, as many organizations are a combination of on-prem (SIEM, EDR) resources and cloud technologies, you need a uniform approach to security across all environments. Ultimately, you want a security solution that provides a unified threat response across all your environments.

Now, let’s talk about how to create a unified solution that covers on-prem and cloud environments—taking you out of the dark and into the driver’s seat.

Securing the Cloud

It is important to secure your assets even while migrating to the cloud. However, once fully transitioned, there are best practices to protecting what’s in it:

Find new ways to gather data:

Firewalls don’t work in a remote setting, so it’s time to find some new security controls. Start by finding out where your critical data lives and work back from there to determine which controls you need. Possible solutions include:

  • Cloud-based proxies (like firewalls for cloud)
  • Cloud Access Security Brokers (CASBs) for data loss prevention
  • Open APIs, which allow you to get data on a granular scale

Get insights into user activity:

Alerts from your cloud security monitoring will give you insight into what your users are doing. With the right tools, you can see not only how they log in but also the commands they run after authentication. This will help you defend against insider threats like data exfiltration.

Integrate your technologies:

Secure your cloud and SaaS applications by integrating them into your SIEM and EDR. You should have one centralized view of your environment—a single unoptimized tool will weaken your security posture. The more tech pivots needed to perform investigations, the slower and more clunky your remediation process.


STEP-BY-STEP CLOUD SECURITY

If you are in a multi-cloud or hybrid cloud environment (or anything other than a Provider Responsibility model), you are in charge of some aspect of your cloud security. Here’s an outline of the necessary steps to developing a functioning cloud security model of your own:

  • Establish baselines. Your team needs a consistent way of logging normal activity in the cloud. That way, they can scan for anomalies like “unusual user access, denies, API calls, or commands after authentication.” Without established norms in usage, it’s easy for things like credential stuffing and brute force attacks to lie unnoticed.
  • Develop a single standard. Getting on a single standard does several things. Not only does it make training easier, but it speeds up threat hunting and analysis by only requiring your teams to know one search language.
  • Automate. Automation allows your teams to bypass the data-gathering phase and go straight to investigation and remediation. Given the growing number of multi-cloud environments, this takes a heavy load off your security teams.
  • Measure visibility. Measuring the visibility of your cloud environments not only provides security benchmarks against which positive gains can be measured, but can also provide proof to secure funding, prove ROI, and make business decisions.
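As an added example (not ReliaQuest’s code), here is the “establish baselines” step applied to a constructed set of CloudTrail-style events: the API calls and source IPs each user produced in known-good history form the baseline, and a batch of new events is checked for calls or IPs outside it and for a burst of AccessDenied errors from one user and address, the pattern a credential-stuffing or brute-force attempt leaves in the logs. The field names, sample values, and the deny threshold are assumptions for the demonstration.

```python
"""Baseline-and-anomaly check over constructed CloudTrail-style events.

Added example, not ReliaQuest's code. The events use a hand-picked subset of
CloudTrail fields; the field names and DENY_THRESHOLD are assumptions.
"""
from collections import Counter, defaultdict

# Constructed sample: known-good history used to build the baseline.
BASELINE_EVENTS = [
    {"user": "alice", "eventName": "ListBuckets", "sourceIP": "203.0.113.10", "errorCode": None},
    {"user": "alice", "eventName": "GetObject", "sourceIP": "203.0.113.10", "errorCode": None},
    {"user": "bob", "eventName": "DescribeInstances", "sourceIP": "198.51.100.7", "errorCode": None},
]
# Constructed sample: a new batch with one normal call, one unusual call from a
# new address, and six denied console logins from a single address.
NEW_EVENTS = [
    {"user": "alice", "eventName": "GetObject", "sourceIP": "203.0.113.10", "errorCode": None},
    {"user": "alice", "eventName": "CreateUser", "sourceIP": "192.0.2.99", "errorCode": None},
] + [
    {"user": "bob", "eventName": "ConsoleLogin", "sourceIP": "192.0.2.5", "errorCode": "AccessDenied"}
    for _ in range(6)
]

DENY_THRESHOLD = 5  # assumed: this many denies for one user+IP in a batch counts as a burst


def build_baseline(events):
    """Record, per user, the API calls and source IPs seen in known-good history."""
    baseline = defaultdict(lambda: {"calls": set(), "ips": set()})
    for e in events:
        baseline[e["user"]]["calls"].add(e["eventName"])
        baseline[e["user"]]["ips"].add(e["sourceIP"])
    return baseline


def detect_anomalies(events, baseline):
    """Return de-duplicated (kind, user, detail) findings for deviations from the baseline."""
    findings, denies = [], Counter()
    for e in events:
        known = baseline.get(e["user"], {"calls": set(), "ips": set()})
        for kind, field in (("new_api_call", "eventName"), ("new_source_ip", "sourceIP")):
            if e[field] not in known["calls" if field == "eventName" else "ips"]:
                finding = (kind, e["user"], e[field])
                if finding not in findings:
                    findings.append(finding)
        if e["errorCode"] == "AccessDenied":
            denies[(e["user"], e["sourceIP"])] += 1
    for (user, ip), n in denies.items():
        if n >= DENY_THRESHOLD:
            findings.append(("deny_burst", user, f"{n} denies from {ip}"))
    return findings


if __name__ == "__main__":
    for finding in detect_anomalies(NEW_EVENTS, build_baseline(BASELINE_EVENTS)):
        print(finding)
```

In practice the baseline would be built from a longer window of real CloudTrail data and the findings routed to the SIEM, but the logic is the same: what is normal per identity, and what falls outside it.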

THE SECURITY BENEFITS OF CLOUD VISIBILITY

Again, you can’t protect what you can’t see. Invest in a solution that can keep pace with your organization’s maturity and a cloud environment that will only grow more complex over the next few years. Here are some benefits to achieving cloud visibility:

  • Reduce risk: Visibility gives you the first look into emerging threats and lets you take a proactive, not reactive, role in mitigating them.
  • Simplify cloud management: When you increase cloud visibility, your teams can search for threat patterns simultaneously across multiple cloud platforms (and their layered applications) instead of searching each one manually.
  • Speed up reaction time: When you couple visibility with automation, you can launch threat-hunting campaigns across all environments (instead of going one by one) and maximize your data-gathering capabilities.
  • Support threat hunting: Easily reexamine threat profiles across environments when you gain visibility of the cloud. Get a better look at behaviors and threat attributes.
  • Drive business value: When you can see indicators of compromise (IoCs) coming, you can proactively remediate them before they damage your security posture or your brand.
  • Use metrics to drive business decisions: You make the best business decisions with the best data, and if you’re lacking visibility into your cloud investments, you’ll be lacking insight into your best moves.

ReliaQuest Cloud Security

Utilize all the tools in your stack and consider ReliaQuest Open XDR-as-a-Service, GreyMatter. It’s like a “SOC-in-a-box” that’s designed to integrate with existing technologies—SIEM, EDR, email, cloud—to present a “single, complete view of threats.” And so much more. Other benefits include:

  • Force-multiply security operations with cross-platform detection and remediation
  • Receive unified and normalized data for faster threat hunting and response
  • Continuously optimize tools, controls, and detection content
  • Sort out irrelevant alerts so your teams can focus on doing, not finding
  • Work with technologies already in your stack and optimize your investments
  • Be everywhere at once with our GreyMatter user interface - from executing a response across vendor platforms, to killing a process on an endpoint.

With ReliaQuest, you can also find the cloud security that’s right for your particular environment—AWS, GCP, or Azure—and get a unified risk profile for your cloud and on-prem resources.