While most organizations have enthusiastically adopted the cloud due to the numerous benefits that it provides, the cloud also comes with unique security challenges. Understanding the different types of cloud services and cloud deployments is essential to effectively securing cloud-based infrastructure.
With a cloud service, an organization outsources some of its infrastructure stack. Rather than maintaining an on-premises data center and managing everything from the physical components up, the organization leases certain resources or functionality from a cloud services provider.
The ability to abstract away certain parts of an organization’s infrastructure and assign the responsibility to a third-party provider provides a number of benefits to a cloud services customer, including:
In an on-premises data center, an organization is completely responsible for every level of its infrastructure. It operates the servers that host its data storage and applications and the network infrastructure that enables it to communicate.
Cloud services use virtualization technology to allow an organization to outsource these responsibilities to a third-party provider. The cloud services provider deploys, configures, and maintains the physical devices that host an organization’s cloud-based services. The customer then leases the use of this infrastructure.
This is made possible by the use of virtualization. With virtual machines (VMs), a cloud customer can use a virtualized computer that is functionally identical to a physical one. However, virtualization enables a cloud provider to operate multiple different isolated systems on the same physical infrastructure and move these virtualized appliances between servers and data centers as needed. This is the source of many of the benefits of cloud services.
A cloud services provider allows its customers to lease some portion of an infrastructure stack. The division of responsibility between the service provider and the customer depends on the cloud services model in use. The available options include:
In addition to the varying cloud services models, an organization can also take advantage of different cloud deployment models. The two basic types of clouds are public and private, but an organization has a few different deployment models to choose from.
In a public cloud deployment, an organization shares leased infrastructure with other cloud customers. A single server may support multiple different cloud deployments isolated from one another by software.
These deployments provide a number of benefits – including cost, flexibility, accessibility, and scalability. However, the use of shared architecture can create challenges for security and regulatory compliance.
Vulnerabilities in the software used for VM isolation, or in the shared hardware itself, may be exploited by attackers to gain access to or visibility into other systems hosted on the same shared server.
A major driver for the adoption of cloud services is the desire to outsource the responsibility for managing infrastructure. An in-house data center can be a significant investment and may require expertise and resources that lie outside of an organization’s core capabilities.
A private cloud deployment provides an organization with outsourced infrastructure that carries fewer security considerations than a public cloud deployment. Private cloud deployments are hosted on dedicated infrastructure not shared with any other cloud customers.
This provides a higher level of security but can come at the cost of a higher price and decreased flexibility and scalability. Since private cloud customers are leasing dedicated infrastructure, they pay based on the amount of dedicated infrastructure, not the amount of resources consumed.
The hybrid cloud deployment model mixes a public and private cloud. An organization can store sensitive data and run applications on a private cloud but share these data and applications with its public cloud deployment when needed.
A hybrid cloud provides a balance between the security of the private cloud and the benefits associated with a public cloud. An organization can protect sensitive data at the level required for regulatory compliance but can place non-sensitive data and applications on the public cloud, which offers improved cost, flexibility, and scalability.
Different cloud services providers have optimized their infrastructure and services to address different use cases and target different markets. Most organizations have adopted a multi-cloud infrastructure in which they use the services of multiple different cloud providers. This enables these users to take advantage of the unique features and benefits provided by each cloud service provider.
However, a multi-cloud deployment can also complicate the security of an organization’s cloud environment. The use of multiple different platforms with a variety of provider-specific security tools and configuration settings can make consistent security policy enforcement difficult if a provider-agnostic cloud security solution is not in place.
Check Point’s CloudGuard is a security solution specifically designed for the cloud. It provides a number of cloud-focused security features, including:
To learn more about the cloud security threats that CloudGuard helps to protect against, download Check Point’s 2020 Cloud Security Report. To learn more about designing effective cloud security, check out this cloud security blueprint. You’re also welcome to request a free demo to see CloudGuard in action.