Beginner-friendly Intro to Cloud Security
Have questions about cloud security? Don't know where to begin? No worries, I am going to break it down for you and introduce you to the world of cloud security, in a beginner-friendly way. We will begin with a quick overview of the cloud - including concepts, models, and vendors - then we will jump into Cloud Security and how to implement it properly across the different vendors. This series is aimed for individuals interested in a role in cloud security and breaks down some key concepts to give you some direction on how to get started on your learning path.
So if that's you, keep reading 😊
What you can expect from this series
Defining cloud computing, its advantages, and understanding the WHY.
Understanding the different types of cloud computing & cloud computing services.
Defining and understanding security in the cloud, how it differs from traditional security and some other concepts.
Understanding the leading Cloud providers and their security services.
Common terminology you should familiarize yourself with.
The different types of job roles you can do in the cloud.
It seems like a lot... because it is, but when broken down trust me the pieces begin to fall together. So with that being said...let's jump into defining some key concepts for you to begin learning about the cloud, aka cloud computing.
So what is cloud computing?
When you hear the term "the cloud" what people are referring to is cloud computing. So from here on out you can think of the two terms as synonymous. Cloud computing is when computing services - so think storage, databases, software, all of the things you can do on a computer, are being delivered to you over the internet. Typically, in the traditional way of computing that has been done since the beginning of the computer ages, the services I described would be delivered locally. Meaning you would access your database, your storage, any software you wanted to work on, all in-house by a local data center or on your device. Now, all you have to do is open your Chrome browser and all of these services are delivered within a few clicks.
Some advantages of being in the cloud.
Understanding the advantages of cloud computing is key for those looking to participate in cloud adoption for companies. Below are some of the most common key advantages that businesses need to understanding when thinking about moving their infrastructure and applications to the cloud:
Cost Savings: Businesses who take advantage of cloud services save a ton of money. Running your own data center requires some heavy up-front costs to a business - they have to pay for the building, the equipment, the security, basically everything that comes with properly running a datacenter. We all know that businesses exist to make a profit, so this advantage is pretty important because cloud services shift this heavy upfront cost to a pay-as-you-go model. To put it in more simple terms: as a business (or user!) of the cloud, you only pay for the services you use and have multiple payment options. So whether you need to spin up something for 1 day or 1 year, you only have to pay for whatever you build and when shut it down, you shut off your bill.
Increased Security: Security is a huge industry right now and naturally there are concerns about the security of an organization's assets when moving to the cloud. As a security professional you should be able to understand these concerns and understand how security in the cloud works. What is most important here is the concept of the shared responsibility model. This concept outlines who is responsible for what in the cloud - meaning instead of you solely being responsible for security, a portion of that burden is shifted to be the cloud service provider they choose. The business is still responsible for securing their data in the cloud - so think applications, identities (roles/the user) and access, client & server encryption - all of that good stuff. The cloud service provider handles things like physical access to the data center, making sure cooling is taking care of, a lot of the overhead is now being addressed by them.
Innovation & Competitive Advantage: Since your business is spending less time worrying about overhead and infrastructure woes, you now have more time to focus on its core business. In doing so, this accelerates the ability to innovate and bring new services or productions to fruition quicker, giving your business a possible edge over your competition. Now, your go-to-market is quicker and you able to adjust quickly by leveraging the agility, flexibility, and scalability the cloud offers you.
Other advantages include reliability, performance improvements, global scaling like literally the list goes on and on and we will be here forever. For more information about the advantages, you can read it here.
Though all these benefits are great and definitely hard to pass up for business wanting to stay relevant in today's economy, to me it is most important to understand the WHY a business is moving to the cloud and make sure you have a great understanding of your current environment. As much as the cloud solves problems, it can also open unwanted doors that could put your business at risk. So you want to begin this journey into cloud security by not only building a foundational understanding of cloud concepts and services, but also understanding how all of this relates to an organization's bottom line.
As a security consultant, one of the first questions I ask a business, who are in various stages of cloud adoption, is what is their goal? At the end of the day, what issue are they trying to solve with cloud adoption? The answer provided will help you understand how to better guide their journey - from picking the right cloud service provider, the correct cloud model, and identifying gaps in their strategy they might not have realized.
So that's your homework. Now that we defined what cloud computing is, and highlighted some advantages, go research some more about why a business would want to leverage the cloud and understand some use cases. Read through them and have the following questions in mind:
What is the business problem?
What technical solution was provided (you might not fully understand this yet but see if you can identify it)
Here, I can get you started. Click here to read a use case about why Target decided to migrate to Google Cloud. Let me know what you find out by leaving a comment below or tweeting me. (I love to hear how people's journeys are going)
In my next article, I will dive into understanding the different types of cloud computing (Public, Private, Hybrid) and the types of cloud services (IaaS, Paas, SaaS). Stay tuned.