HC3 TLP White Analyst Note: Cloud Security - August 9, 2022

Executive Summary

When we refer to the cloud or cloud computing what we are really talking about is a server(s) that is accessed over the internet. Majority of these servers are stored through third party cloud service providers (CSP) at data centers which can be located anywhere in the world. Through this, companies can reduce their cost because they do not have to physically manage the servers or software for them. By using a CSP, providers and customer enter a shared responsibility for security. When it comes to cloud security, we usually refer to a set of policies, controls, and technologies that are working together to protect an infrastructure. Threats facing the cloud can vary, but the biggest concerns exist with internal threats such as human error, external threats from malicious actors, and the infrastructure itself. Since the cloud exist off-site the conventional methods of protection aren’t always effective. When protecting the cloud, we are attempting to secure the network, recover data, minimize human error, and reduce the overall impact of a compromise.

What is Cloud Security?

Cloud security is an area of cyber security that focus’ on protecting cloud computing-based systems. Properly securing cloud services begins with understanding what is being secured along with the system that is managing it. It is the combination of technology, protocols, and practices that protect these environments and applications operating in the cloud. Together they protect the system, data, and infrastructure. Securing this is a team effort between the cloud provider and their clients regardless of whether it’s a small or large business. These security measures are configured with the intent to protect data and customer privacy as well as setting up proper authentication rules for the individual users and devices. Through this, cloud security can be configured to meet the specific needs of a business. Since these rules can be configured and managed in one place, teams have increased availability to focus on other needs in their department.

What is the Goal of Cloud Security?

Cloud security measures are almost always working to achieve one or more of the following:

  • Recover data in the event of data loss • Ensuring the privacy of data across networks
  • Protect networks against malicious activity
  • Minimize human error that could cause data loss
  • Reduce the overall impact of compromises

The Shared Responsibility Model

Most organizations use a third-party cloud service provider to host their data and applications. Because of this cloud security becomes a shared responsibility between provider and customer. The security responsibility for each party is based off which cloud service they are using: Software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS).

View the detailed report below 

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

National Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272

More on John Riggi
Learn more about AHA's Cybersecurity and Risk Advisory Services

Key Resources

Related Resources

Advisory
Microsoft Develops New Recovery Tool to Assist with CrowdStrike Issue Impacting Windows Endpoints
Public
Advisory
CrowdStrike Technology Outage Causing Global Disruption, Including Impacts on Hospitals
Letter/Comment
AHA Responds to CISA Proposed Rule on Cyber Incident Reporting Requirements
Public
Advisory
HHS Issues Alert on Critical Vulnerability in ‘MOVEit,’ File Transfer Platform Used by Health Care Sector
Public
Issue Landing Page
Support for your Cybersecurity Program
Special Bulletin
AHA Helps Secure New Cybersecurity Resources from Microsoft and Google to Assist Rural Hospitals
Public