What is Cloud Security?

A definition of cloud security begins with defining cloud computing. An industry accepted resource used to define cloud computing derives from the U.S. Department of Commerce – National Institute of Standards and Technology (NIST). NIST defines cloud computing as “a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction” (NIST Special Publication 800-145).

The five essential characteristics of cloud computing:

1. On-demand self-service
2. Broad network access
3. Resource pooling
4. Rapid elasticity
5. Measured service

The three service models of cloud computing include:

1. Software as a Service (SaaS)
2. Platform as a Service (PaaS)
3. Infrastructure as a Service (IaaS)

Finally, the four deployment models for cloud computing include:

1. Private
2. Public
3. Hybrid
4. Community

Where Does Cloud Security Start and End?

Cloud security is the ecosystem of policies, standards, processes, controls, and technologies that aim to secure cloud computing resources - the networks, data, applications, and services - as described in NIST SP-800-145. With so many stakeholders within this ecosystem, a consensus on best practices for cloud security will take more time to mature. Cloud security will mean something different to each organization depending on their cloud strategy. Even if cloud service customers comply with every single standard around cloud security - and there are many - it does not eliminate all risk when interacting with cloud service providers.