Cloud security refers to a broad set of policies, technologies, and controls deployed to protect data, applications, and the associated infrastructure of cloud computing. It is a sub-domain of computer security, network security, and, more broadly, information security.
Cloud computing and storage provides users with capabilities to store and process their data in third-party data centers.
Organizations use the cloud in a variety of different service models with acronyms such as SaaS, PaaS, and IaaS and deployment models private, public, hybrid, and community.
Security concerns associated with cloud computing fall into two broad categories: security issues faced by cloud providers organizations providing software-, platform-, or infrastructure-as-a-service via the cloud and security issues faced by their customers companies or organizations who host applications or store data on the cloud. The responsibility is shared, however. The provider must ensure that their infrastructure is secure and that their clients’ data and applications are protected, while the user must take measures to fortify their application and use strong passwords and authentication measures.
When an organization elects to store data or host applications on the public cloud, it loses its ability to have physical access to the servers hosting its information. As a result, potentially sensitive data is at risk from insider attacks. According to a recent Cloud Security Alliance report, insider attacks are the sixth biggest threat in cloud computing.