Cloud Security vs. Security in the Cloud: What’s the Difference?
Two similar-sounding terms have very different meanings
Cloud security and security in the cloud sound like they could be different ways of saying the same thing, but they are two separate forms of security.
The former refers to the safety of the cloud itself for running applications, storing data and processing transactions. This is a concern of more companies as they try to leverage the low-cost advantages of cloud security solutions without compromising corporate or customer information.
Security in the cloud, on the other hand, refers to using the cloud to provide security solutions for an enterprise. Like sales (e.g., Salesforce.com) and other applications operating in the cloud, security in the cloud benefits from one installation for several users rather than the need to install the application on every end device.
Another advantage of security in the cloud is that it meets the hackers at their level. Hackers have changed the dynamics of their attacks. They are using the following to their advantage:
- Varied attacks targeting handheld devices, which typically don’t have the same level of security as a PC
- Social networking techniques to convince targets that emails and links offer benefits or that they are from a trusted source (Some common strategies include emails telling the recipient he has won a fictional foreign lottery, or a bank or utility company asking the target for identifying information due to some type of technical outage. Large banks and utilities are targets due to their large customer bases. Note that financial institutions, utilities and similar companies will not ask for personally identifiable information via email.)
- Embedded viruses, spam and Trojans in images, PDF files and seemingly innocuous links
And the types and amounts of attacks are growing exponentially. There have been more malware attacks in the last 18 to 24 months than in the last 18 years.
In light of the variety and volume of attacks, IT is facing the daunting task of attempting to secure the growing number of endpoint devices that legitimate users use.
Cloud-delivered security can secure, encrypt and archive email. The cloud layer can also filter internet access to prevent network users from downloading unapproved content.
Rather than attempting to protect each device, the better strategy is to operate the enterprise’s security at the cloud layer. This method meets the attacks on their level, rather than downloading the malware to a company’s network and trying to eradicate it there – a strategy that invites disaster.
Consider security in the cloud as the third and most evolved generation of security. The first generation was "security in a box" (i.e., a security program loaded onto each device). The second generation was security devices on the network; while better than the first generation of protection, such a solution still may not stop malware until it’s already done some significant damage.
Security in the cloud provides protection anytime, anywhere, with more power and flexibility but takes the heavy lifting away from the user.
Among the advantages of security in the cloud is the ability to:
- Control and ensure that security measures like password protocols, firewalls and security patches are up to date
- Inform staff of the latest security threats and strategies used by hackers
- Apply layered authorization to enable access to some network areas by customers, some by employees and wider access by managers
- Route all network requests such as email and server access through a centralized, protected connection that stays up-to-date with the latest security protocols, blocking any threats before they get to the network
Cloud security solutions have been proven to work, with companies using this method reporting significant decreases in malware incidents, website compromises, data loss and data exposure, security-related downtime, and audit deficiencies, according to a May 2010 study by the Aberdeen Group.
Turning to security in the cloud should be the first line of defense of an integrated security strategy. Implementing firewalls, strong passwords, built-in device security offered by manufacturers and staff education (e.g., protection of passwords and of devices themselves) are also essential elements of "defense in depth." Taking such a comprehensive approach helps ensure the security of the enterprise’s network.
By Phil Britt