Cloud Security vs. Security in the Cloud: What’s the Difference?

Similar sounding cloud security has a very different meaning

Cloud security and security in the cloud sound like they could be different ways of saying the same thing, but they are two separate forms of security.

Cloud Security vs Security in the Cloud

The former refers the safety of the cloud itself for running applications, storing data and processing transactions. This is a concern of more companies as they try to leverage the low-cost advantages of cloud security solutions without compromising corporate or customer information.

Security in the cloud, on the other hand, refers to using the cloud to provide security solutions for an enterprise. Like sales (e.g., Salesforce.com) and other applications operating in the cloud, security in the cloud benefits from one installation for several users rather than the need to install the application on every end device.

Another advantage of security in the cloud is that it meets the hackers at their level. Hackers have changed the dynamics of their attacks. They are using the following to their advantage:

And the types and amounts of attacks are growing exponentially. There have been more malware attacks in the last 18 to 24 months than in the last 18 years.

In light of the variety and volume of attacks, IT is facing the daunting task of attempting to secure the growing number of endpoint devices that legitimate users.

Cloud-delivered security can secure, encrypt and archive email. The cloud layer can also filter internet access to prevent network users from downloading unapproved content.

Rather than attempting to protect each device, the better strategy is to operate the enterprise’s security at the cloud layer. This method meets the attacks on their level, rather than downloading the malware to a company’s network and trying to eradicate it there – a strategy that invites disaster.

Consider security in the cloud as the third and most evolved generation of security. The first generation was "security in a box," (i.e., a security program loaded onto each device). The second generation was security devices on the network; while still better than the first generation of protection, such a solution still may not stop malware until it’s already done some significant damage.

Security in the cloud provides protection anytime, anywhere, with more power and flexibility but takes the heavy lifting away from the user.

Among the advantages of security in the cloud is the ability to:

Cloud security solutions have been proven to work, with companies using this method reporting significant decreases in malware incidents, website compromises, data loss and data exposure, security related downtime, and audit deficiencies, according to a May 2010 study by the Aberdeen Group.

Turning to security in the cloud should be the first line of defense of an integrated security strategy. Implementing firewalls, strong passwords, built-in device security offered by manufacturers and staff education (e.g., protection of passwords and of devices themselves) are also essential elements of "defense in depth." Taking such a comprehensive approach helps ensure the security of the enterprise’s network. See the link for more information about security in the cloud.

By Phil Britt