
What Are Cloud Service Providers?

Prior to the COVID-19 pandemic, the majority of organizations already had or planned to use cloud-based infrastructure. In the wake of COVID-19, cloud adoption has rapidly accelerated and cloud services have been at the core of organizations’ digital transformation efforts to support a remote workforce.

 

When moving to the cloud, selecting a cloud service provider (also known as a cloud computing provider) can be difficult due to the variety of options available. Beyond the customizations and optimizations offered by different cloud services providers, an important consideration when evaluating cloud options is cloud security.


What are Cloud Services?

Cloud services providers allow an organization to lease infrastructure from them rather than maintaining an in-house data center. These cloud services come in a variety of service models, including:

 

  • Infrastructure as a Service (IaaS): In an IaaS model, the cloud services provider supplies the infrastructure, and the cloud customer can install an operating system and use it to store data and run applications.
  • Platform as a Service (PaaS): A PaaS model reduces the cloud customer’s responsibility to their data and applications with the cloud service provider handling everything else.
  • Serverless: Serverless models allow development of applications with the cloud service provider providing and managing all aspects of the environment that the application needs to run.
  • Function as a Service (FaaS): A FaaS model enables a customer to write individual functions that run in response to certain events.
  • Software as a Service (SaaS): SaaS solutions, like Office 365, are software created and managed completely by the cloud service provider and made available to the customer.

 

A certain provider may only offer specific service models, and each provider’s implementation may be different. This means that certain providers may have specializations or optimizations that are more or less effective at meeting an organization’s specific business needs and use cases.

Selecting a Cloud Service Provider

One of the most important considerations when selecting a cloud services provider is whether a public or private cloud meets an organization’s business and security requirements. However, this does not have to be an either-or decision as hybrid and multi-cloud deployments enable a company to take advantage of the benefits of both public and private clouds.

Public Cloud

A public cloud deployment is hosted on shared infrastructure. The cloud service provider uses virtualization to host multiple different customers’ infrastructure on the same server while isolating these deployments from one another. Examples of public cloud service platforms include:

 

  • Amazon AWS
  • Microsoft Azure
  • Google GCP
  • Alibaba
  • IBM Cloud
  • Oracle

 

A public cloud deployment provides a number of advantages to an organization but has its downsides as well. Some important considerations when evaluating a public cloud deployment include:

 

  • Cost: Public cloud deployments are less expensive than private clouds. This is because the cloud service provider can distribute costs over multiple clients that are sharing the same infrastructure.
  • Flexibility: Public cloud deployments are implemented using virtualization. This means that an organization can spin up or take down services based upon business needs.
  • Scalability: The public cloud offers a high level of scalability. An organization can easily add additional capacity to its cloud deployment to support surges in demand or business growth.
  • Security: Public cloud deployments are hosted on shared infrastructure. While the cloud services provider isolates these co-hosted systems, this shared infrastructure introduces security risks for public cloud users.

 

Public cloud deployments offer a number of benefits when compared to hosting a data center on-premises. However, the unique environment of the cloud also introduces new security considerations.

Private Cloud

Like public cloud deployments, private clouds are implemented using infrastructure leased from a cloud services provider. Unlike a public cloud, a private cloud deployment is hosted on dedicated infrastructure. The most commonly used private cloud service providers include:

 

  • Cisco ACI
  • VMware NSX
  • OpenStack
  • Alibaba
  • Oracle
  • Salesforce

 

A private cloud deployment splits the difference between an on-premises data center and a public cloud deployment. Some of the important considerations associated with a private cloud deployment include:

 

  • Cost: Because they rely on dedicated infrastructure, private cloud deployments are pricier than the public cloud. However, they can be cheaper than an in-house data center because cloud services providers have the advantage of economies of scale for setting up and operating a data center.
  • Flexibility and Scalability: Since private cloud users lease dedicated infrastructure, the flexibility and scalability of their cloud deployment is limited. Private clouds are not as flexible or scalable as public clouds.
  • Security: Private cloud deployments are hosted on dedicated infrastructure. This eliminates many of the security concerns associated with sharing infrastructure with other, unknown cloud customers.
  • Regulatory Compliance: As data protection regulations grow more numerous and complex, regulatory compliance is an important consideration. It is often easier to demonstrate compliance with applicable regulations when using a private cloud as opposed to a public cloud deployment.

 

The choice of a private cloud reduces some of the cost, flexibility, and scalability benefits of the cloud as compared to a public cloud deployment. However, these downsides may be offset by the increased privacy and security that a private cloud deployment offers.

Hybrid or Multi-Cloud

An organization is not limited to the choice between a public and a private cloud deployment. Two other options are hybrid and multi-cloud deployments.

 

A hybrid cloud incorporates both a private and a public cloud. The use of private cloud infrastructure provides all of the security benefits of dedicated infrastructure, which can be invaluable for data security and regulatory compliance. On the other hand, a public cloud has a number of benefits in terms of cost, flexibility, and scalability. A hybrid cloud deployment uses both a public and a private cloud and allows data and applications to move between them as needed, providing the best of both worlds.

 

The diversity of options and the specializations of different cloud providers may mean that different platforms are best-suited to different use cases. As a result, many organizations adopt a multi-cloud deployment, where applications and data are hosted on the cloud platform that is best suited to them. This enables an organization to develo

The Challenges of Securing the Cloud

One of the main selling points of the cloud is that it allows an organization to outsource many of the responsibilities associated with its infrastructure to a third-party cloud services provider. However, transitioning to a cloud-based deployment does not mean that an organization gives up full control over its infrastructure or full responsibility for securing it.

 

Since a cloud services provider has full control over certain parts of the infrastructure that it leases to its customers, it also has the responsibility for securing these components. However, the customer is responsible for securing the parts of their infrastructure stack that remain under their control.

 

The breakdown of security responsibilities depends on the cloud services model that a customer selects. Cloud services providers delineate this breakdown in a Shared Responsibility Model. Based on the cloud services model used, a cloud customer can identify which security responsibilities are wholly theirs and which are shared with their cloud services provider.

 

Cloud services providers often offer tools designed to help their customers meet their security responsibilities, such as AWS Security Groups. However, these tools differ from one platform to another, and many cloud customers lack a full understanding of the shared responsibility model, their security responsibilities, and how to properly configure the available security settings.

 

This problem is exacerbated in multi-cloud deployments (which most organizations adopt), where an organization is responsible for learning to secure multiple different cloud platforms. As a result, security misconfigurations are the most common cause of data breaches and security incidents in the cloud.
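One way to check for the kind of misconfiguration described above, as an added example (not from the original page and not part of any vendor product): it scans security group rules, in the JSON shape returned by `aws ec2 describe-security-groups`, for sensitive ports reachable from any address. The sample data, the list of sensitive ports and the function names are assumptions made for illustration.

```python
import json

# Ports a defender rarely wants reachable from the whole internet (assumed policy).
SENSITIVE_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL"}
WORLD = {"0.0.0.0/0", "::/0"}

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-web", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-admin", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 20, "ToPort": 25,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
     "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-legacy", "IpPermissions": [
    {"IpProtocol": "-1",
     "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}
]}
""")


def world_open(rule):
    """True if the rule admits traffic from any IPv4 or IPv6 address."""
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return any(c in WORLD for c in cidrs)


def audit(doc):
    """Return sorted (group_id, finding) pairs for internet-exposed rules."""
    findings = []
    for group in doc["SecurityGroups"]:
        for rule in group.get("IpPermissions", []):
            if not world_open(rule):
                continue
            if rule["IpProtocol"] == "-1":  # "-1" means all protocols, all ports
                findings.append((group["GroupId"], "ALL traffic open to the internet"))
                continue
            lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
            # The range test catches a sensitive port hidden inside a wider range.
            for port, name in SENSITIVE_PORTS.items():
                if rule["IpProtocol"] == "tcp" and lo <= port <= hi:
                    findings.append((group["GroupId"], f"{name} ({port}) open to the internet"))
    return sorted(findings)
```

Calling `audit(SAMPLE)` flags `sg-admin`, whose 20-25 range silently includes SSH, and `sg-legacy`, which is open over IPv6 only; a check that looks only at IPv4 ranges or exact port matches would miss both.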

Securing the Cloud

Securing cloud-based infrastructure can be difficult, and few organizations have the knowledge and expertise in-house to effectively secure multi-cloud deployments. Since the provided tools are often vendor-specific and many traditional security solutions do not work effectively in the cloud, it can be very difficult to achieve consistent visibility, threat detection, and security policy enforcement across an organization’s entire cloud-based infrastructure.

 

Partnering with a cloud security provider can help an organization to ensure that its move to the cloud doesn’t create additional security challenges and risks. A cloud security company offers an organization the tools and capabilities that it needs to secure its cloud-based infrastructure, which include:

 

  • Cloud Network Security: An organization’s cloud-based applications and data stores may interact with applications and users in the same cloud deployment, on other cloud-based platforms, and outside of the cloud entirely. Securing these communications requires north-south and east-west network visibility and security control. Check Point’s CloudGuard Network helps an organization to monitor and secure the network communications of their cloud-based resources.
  • Cloud Security Posture Management: Security misconfigurations are the leading cause of cloud security incidents. As organizations’ cloud deployments expand and adapt to meet business needs, oversights and mistakes can expose data and applications to attack. CloudGuard Posture Management monitors cloud security settings for dangerous misconfigurations, enabling the issues to be quickly detected and remediated.
  • Workload Protection: The use of containers, Kubernetes, and serverless applications is increasingly common in cloud deployments. These cloud-based workloads have unique security requirements that may not be met by integrated cloud security solutions. CloudGuard Workload provides granular visibility and security management for cloud-based workloads.
  • Web Application and API Protection: Cloud deployments are ideally suited to hosting web applications and APIs, but these resources can be easily exploited if not properly protected. CloudGuard AppSec uses artificial intelligence (AI) to identify and block attempted exploitation of cloud-based web apps and APIs, protecting them against even novel attacks.
  • Security Intelligence and Threat Hunting: Cloud security threats are constantly evolving, and organizations need robust threat intelligence to identify the latest attacks. Cloud security also requires support for threat hunting to enable analysts to efficiently and effectively identify and remediate intrusions within their cloud deployments. CloudGuard Intelligence provides an organization’s security team with the information and tools that it requires to perform threat detection and response in any cloud environment.

 

The cloud offers organizations several benefits, but it creates new and unique security risks as well. Check Point’s cloud security solutions support AWS, Azure, GCP, and all other major cloud platforms.

 

To learn more about the threats and challenges that organizations are facing in the cloud, check out Check Point’s 2020 Cloud Security Report. You’re also welcome to sign up for free trials of Check Point’s cloud security solutions to ensure that your move to the cloud doesn’t expose your organization to attack.
