- Organisations provide applications to end users via a cloud platform managed by a third party in a private cloud setup.Developers can develop, run, and manage applications on the cloud without managing underlying server, storage, and network infrastructure.
- Ensuring data processing adheres to legal and regulatory standards such as GDPR and HIPAA.Risks include misconfiguration, unauthorised access, and potential data breaches affecting sensitive information.
Cloud computing, often called “the cloud,” delivers storage, computing resources, and software services over the Internet. Service models include SaaS for applications, PaaS for development, and IaaS for infrastructure. Businesses must ensure data privacy compliance and guard against risks like data breaches, unauthorised access, malware, and cyber attacks to secure their assets effectively.
Also read: Which 2 are benefits of oracle cloud infrastructure transit routing?
Also read: 3 key impacts of cloud computing on security operations
What is cloud computing?
Cloud computing, often referred to as “the cloud”, is a service model provided through the Internet, including storage, computing resources, and software services. Through cloud computing, enterprises can reduce costs, accelerate deployment, and achieve large-scale business development. Cloud security is a branch of network security that focuses on protecting cloud computing systems and related services. It covers a range of technologies, policies, services, and security controls designed to protect an organisation’s sensitive data, applications, and the overall security of the cloud environment.
Cloud computing services
Cloud computing can be divided into three main ways based on the services provided by the organisation to customers:
1.Software as a Service (SaaS): This is a cloud application service where the organisation provides applications to end users through a cloud platform. A third party is responsible for managing and delivering these applications in a private cloud environment.
2. Platform as a Service (PaaS): This is a cloud platform service that allows developers to develop, run, and manage applications on the cloud without having to worry about the underlying server, storage, and network management. The organisation or a third party is responsible for providing these infrastructure services.
3. Infrastructure as a Service (IaaS): This service model provides a complete computing infrastructure, including virtualised servers, storage, networks, and other basic services, which are deployed in a private cloud. Organisations can use these resources as needed without having to manage and maintain physical equipment themselves.
These cloud service models provide organisations with flexibility, scalability, and operational efficiency through different levels of abstraction and responsibility allocation, promoting the widespread application and adoption of cloud computing in modern IT environments.
Existing risks
When businesses host their data in the cloud, the IaaS provider is responsible for protecting the security of the infrastructure, while business owners are responsible for protecting their own data. The following are the main risks that business owners may face:
1.Data privacy compliance: Ensure that data processing complies with applicable laws, regulations and industry standards, such as GDPR, HIPAA, etc.
2.Data leakage: Data leakage may occur due to misconfiguration, unauthorised access or other security vulnerabilities.
3.Unauthorised access: Unauthorised users or malicious attackers may gain unauthorised access to data.
4.Malware infection: Malware or viruses may infect data and systems in the cloud environment, posing a threat to data security.
5.Cyber attacks: Including DDoS attacks, phishing and other cybersecurity threats, which may affect the availability of cloud services and the integrity of data.