By Bill Hess, Founder of Pixel Privacy
Cloud computing started a long time ago in the 1960s. The technology has come a long way ever since and has changed our lives, as well as the business landscape.
Investopedia defines cloud technology as follows:
“Cloud computing is a method for delivering information technology (IT) services in which resources are retrieved from the Internet through web-based tools and applications, as opposed to a direct connection to a server.”
Over the course of many years, cloud technology has transformed from a technology that progressive companies “could” adopt to a technology that is paramount for businesses and the IT landscape that we know today.
The second most important milestone, after the first arrival of cloud computing in 1960, dates back to 1999, when Salesforce introduced a concept of an enterprise application hosted on a website. From that moment on, Salesforce has been a leading business in the CRM industry with cloud-based applications.
Another significant milestone in Software-as-a-Service (SaaS) was the introduction of browser-based applications through various services in 2009. G Suite is an example of that era.
In its first period, cloud technology wasn’t very advanced – all you had was a machine and a password. You needed IT specialists to set up many aspects of the technology in order to have it running. Demand and supply has shaped the technology over the years to tailor it to personal needs and market demand.
Let’s take a look the security controls of cloud technology, how cloud technology has evolved over the years and how it remained secure.
Cloud technology comes with certain security controls in order to provide the highest level of security and safeguard the system. There are too many different types of security controls to list them here. Luckily, Wikipedia has created four categories in which it claims most security controls can be found in.
1. Deterrent Controls
Security controls in this category are designed to reduce attacks on the cloud. Think about a warning message of potential threats or attacks, similar to an antivirus software tool. The software has made huge steps to predict certain threats and/or malware attacks on the system.
Obviously, this will be a “never-ending battle,” because hackers constantly look for new vulnerabilities, and exploit and new written scripts to infiltrate systems. It’s basically a cat-and-mouse game but the cloud providers have shown a lot of improvement in regard to safeguard systems against sophisticated attacks.
2. Preventive Controls
Preventive security controls are mainly designed to enhance the cloud system against incidents. Controls in this category try to eliminate any vulnerabilities or loopholes within the cloud system.
User authentication and identification has been a major development in the cloud technology, as better technology is able to ban unwanted snoops and hackers from getting into the system. Especially two-factor authentication and device authentication has strengthened this aspect significantly because, generally speaking, you’ll need some sort of physical device to generate a unique and time-bound password.
Data owners can restrict certain areas of the cloud to certain users. For example, with Google Drive, you can choose who can access a file and who’s not even able to see it. This is especially handy when you work with many people on a project but, for example, only a few are allowed to check the financials.
3. Detective Controls
Security controls in this category are designed to detect and respond to any internal incident or a breach into the server, for example. These controls basically communicate certain commands to other controls to address issues or respond to the threat of a hacker. Think about monitoring, intrusion detection and quick response features.
At this point, intrusion detection and monitoring is similar to how antivirus software works, which can recognize a certain threat because the characteristics of the threat (in code) are listed in a database. The successful detection rates have also increased over the years, even though the number of attacks have also increased.
There are companies out there that use Big Data and AIs to develop extremely advanced detection tools that can identify a threat very quickly because it’s able to detect an odd change in behavior in the cloud.
4. Corrective Controls
Corrective security controls limit the damage on a cloud network. This means that these controls are responsive tools, because they’re only used in case of an actual attack on the cloud. System rollbacks, backups and data restore tools are mainly found in this category.
Especially the data backup has experienced strong improvements as backups are getting easier to create and the technology also allows users to create backups of their own data.
Furthermore, advanced encryptions models such as attribute-based, CP-ABE, KP-ABE and FHE which have been implemented into cloud technology to encrypt every single piece of data, be that stored data or in transit. Thus, the data is transformed into ciphertext (unreadable text). So, even if a hacker would obtain it, the data is useless unless the hacker also manages to steal the decryption key.
About the Author
Bill Hess is the founder of PixelPrivacy.com, a blog about making the world of online security accessible to everyone. He prides himself in writing guides that he’s certain even his own mom could read!