Cloud Security
Definition
Cloud security encompasses all technologies, policies, processes and best practices that protect cloud environments against cyber threats, data leakage and unauthorised access. It covers both the security of cloud infrastructure and the data and applications hosted in the cloud. According to Gartner, through 2025, 99% of all cloud-related security incidents will be the customer's fault, not the cloud provider's.
How does cloud security work?
Cloud security operates according to the shared responsibility model. The cloud provider (AWS, Azure, Google Cloud) is responsible for security of the cloud infrastructure: physical datacentres, hypervisors, network and storage. The customer is responsible for security of everything running in the cloud: data, identities, applications, configurations and access management. The exact distinction varies by service model: with IaaS the customer has the most responsibility, with SaaS the least.
Cloud security challenges
Misconfigurations are the primary cause of cloud security incidents: publicly accessible S3 buckets, overly permissive IAM rights, missing encryption and unsecured databases. Multi-cloud environments increase complexity as each provider has different security tools. Shadow IT creates unmanaged risks. The speed of cloud development can outpace security processes.
Impact on organisations
Cloud migration is inevitable but increases the attack surface if security does not evolve alongside it. NIS2 requires adequate cloud environment security. ISO 27017 provides specific cloud security guidelines supplementing ISO 27001. DORA sets requirements for third-party ICT risk management including cloud providers.
Protection
Implement Cloud Security Posture Management (CSPM) for continuous cloud configuration monitoring. Apply IAM policies based on least privilege. Encrypt all data at rest and in transit. Use Cloud Workload Protection Platforms. Monitor cloud activity via a SIEM. Conduct regular Cloud Security Assessments. Implement Zero Trust principles in the cloud.
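The sketch below shows the kind of configuration check that CSPM tooling automates, covering the three misconfigurations named under "Cloud security challenges": a publicly readable S3 bucket policy, an overly permissive IAM policy and missing encryption. It is an added example, not DEFION's code or any vendor's tool. The inventory record layout and all resource names are constructed for illustration; the policy documents follow the AWS JSON policy grammar.

```python
import json

# Constructed inventory; the record layout ("type", "name", "encrypted") is an assumption.
INVENTORY = json.loads("""
[
  {"type": "s3_bucket", "name": "example-public-bucket", "encrypted": false,
   "policy": {"Version": "2012-10-17", "Statement": [
     {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-public-bucket/*"}]}},
  {"type": "s3_bucket", "name": "example-private-bucket", "encrypted": true,
   "policy": {"Version": "2012-10-17", "Statement": [
     {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:role/app"},
      "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-private-bucket/*"}]}},
  {"type": "iam_policy", "name": "example-admin-like", "policy": {"Version": "2012-10-17",
   "Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"}}},
  {"type": "iam_policy", "name": "example-scoped", "policy": {"Version": "2012-10-17",
   "Statement": [{"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
                  "Resource": "arn:aws:s3:::example-private-bucket/*"}]}}
]
""")

def as_list(value):  # policy fields may be a single value or a list
    return value if isinstance(value, list) else [value]

def is_public(principal):  # Principal "*" or a map containing "*", e.g. {"AWS": "*"}
    if isinstance(principal, dict):
        return any("*" in as_list(v) for v in principal.values())
    return principal == "*"

def audit(inventory):
    """Return sorted (resource name, finding) pairs for the three checks."""
    findings = set()
    for item in inventory:
        if item["type"] == "s3_bucket" and not item.get("encrypted", False):
            findings.add((item["name"], "missing-encryption"))
        for stmt in as_list(item["policy"].get("Statement", [])):
            if stmt.get("Effect") != "Allow":
                continue
            # An unconditional Allow to everyone exposes the resource publicly.
            if is_public(stmt.get("Principal")) and not stmt.get("Condition"):
                findings.add((item["name"], "public-access"))
            # Wildcard actions on all resources contradict least privilege.
            wild = any(a == "*" or a.endswith(":*") for a in as_list(stmt.get("Action", [])))
            if wild and "*" in as_list(stmt.get("Resource", [])):
                findings.add((item["name"], "overly-permissive"))
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(f"{name}: {finding}" for name, finding in audit(INVENTORY)))
```

The scoped role and the private, encrypted bucket produce no findings, which is the baseline a least-privilege review aims for.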
How DEFION helps
DEFION conducts Cloud Security Assessments evaluating the security configuration of AWS, Azure and Google Cloud environments. Pentests test whether cloud resources are externally vulnerable.