The cloud services you employ also affect the security tools protecting your data and applications. The primary cloud service models are Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), and Infrastructure-as-a-Service (IaaS).
Cloud service providers adhere to a model of shared responsibility in regard to security. The cloud service provider keeps the components secure (software, computing, storage, database, networking, hardware, and infrastructure), while the customer keeps data and information safe. Depending on the service type, responsibilities can vary.
A SaaS provider supplies cloud-based applications to customers for a fee. A SaaS customer is typically only responsible for the security of components associated with accessing the software, such as access controls and network security. Information security in the cloud relies on a cloud-provided shared responsibility model.
The SaaS security architecture should include application security, identity and access management, and a cloud access security broker (CASB) to facilitate visibility, access controls, and data protection.
In a PaaS model, customers purchase platform use from a cloud provider to develop, run, and manage applications without managing the underlying infrastructure. The customer is responsible for the security associated with application implementation, configuration, and permissions.
A PaaS security architecture may require standard solutions, as well as less common solutions like a cloud workload protection platform.
IaaS requires customers to purchase the infrastructure from a cloud provider and install its own operating systems, applications, and middleware. As part of an IaaS model, the customer often is responsible for the security of any equipment it owns or installs.
IaaS security architecture components routinely include endpoint protection, a vulnerability management solution, access management, and data and network encryption.
Cloud security architecture allows businesses to utilize cloud services fully while limiting exposure and vulnerability. It is important to understand the shared responsibility model, know cloud security best practices, and implement the best approach to cloud security based on your needs, obligations, and risks.
Depending on your organization's cloud service, cloud security architectures can be complex. The time and skill required to develop a robust and effective security architecture should not be underestimated.