Maintain control over your data with cloud security

With the right strategies, technologies and processes, you can effectively protect your cloud environment. In this article, you will learn which cloud security principles are really important, what challenges exist and what measures you can take to minimise vulnerabilities. From the shared responsibility model to zero trust, gain valuable insights and practical tips.

Cloud security encompasses measures, technologies and guidelines aimed at protecting cloud computing systems, data and applications from cyber attacks, data loss and unauthorised access. The goal is to ensure the confidentiality, integrity and availability of information in the cloud. This includes protecting data, securing the cloud infrastructure, and monitoring and defending against threats.

Key elements of cloud security are data security, identity and access management (IAM), threat detection and prevention, and compliance with data protection and compliance requirements. The key to effective cloud security lies in a combination of technical solutions, organisational measures and a sound risk assessment.

Cloud platforms make it possible to provision IT resources such as servers, databases or storage space within minutes instead of weeks or months. No wonder, then, that a large proportion of IT workloads are now in the cloud.

To keep the time from product idea to market launch (time-to-market, or TTM) as short as possible, responsibility for cloud services often lies directly with the development teams. However, with accelerated deployment and the shift of tasks, the risks are also increasing. Security, which used to be managed centrally, must now be considered directly by the development teams. Without clear methods and tools, security gaps can arise in this fast-paced environment. At the same time, emergency response must be holistic, as incidents must be correlated across team boundaries to address the threat.

This becomes even more relevant when you consider that hardly any part of the value chain functions without IT support these days. IT systems are the backbone of modern business processes, which is why cyber risks are no longer just technological challenges. They affect the entire company and, in the worst case, can threaten its very existence. Security gaps in the cloud can therefore not only lead to data loss, but also to reputational damage, financial losses or legal consequences. This makes it all the more important to anchor cloud security as an integral part of corporate strategy.

With guidelines such as NIS2, DORA and CRA, additional regulatory drivers for cloud security are coming into play. They aim to encourage companies to implement appropriate security measures. However, they do not create a new requirement, but rather reinforce the existing need to proactively secure cloud systems and thus minimise business risks.

Cloud technologies enable companies to work flexibly, quickly and scalably. However, these advantages also come with new security risks. Cloud computing security therefore faces a number of challenges, which we will outline in more detail below.

But first, the good news: all of these challenges can be overcome. With the right combination of technical tools, a well-thought-out setup and targeted training and consulting, many risks can be effectively reduced. This is because most security incidents are not caused by sophisticated hacker attacks, but by human error – which can be avoided if the right knowledge, processes and tool support are in place.

Incorrectly configured cloud services are among the most common causes of security problems in the cloud. Unprotected data storage, unmodified default passwords and unactivated encryption are examples of errors that can have devastating consequences.

The cloud makes it possible to provision infrastructure and services in a very short time – a clear advantage for agility and speed in modern DevOps environments. But it is precisely this dynamic that also harbours risks. The infrastructure is often set up by people who have development skills but may not have sufficient experience in IT security. This leads to security aspects being neglected or implemented incorrectly.

A typical problem in terms of cloud security is misconfiguration, which opens the door to attackers. Examples of this include:

• Lack of encryption: If communication between services is not encrypted, data can be easily intercepted.
• Inadequate network segmentation: If the cloud environment is not divided into separate network segments, attackers who find an entry point can move throughout the entire network.
• Irregular updates: If systems, applications or workloads are not updated regularly, known security vulnerabilities remain, which attackers can exploit.
• Forgotten admin accounts with default passwords: These accounts give attackers direct access to critical systems.
• Lack of logging and monitoring: Without proper logging and monitoring of security-related events, attacks often go unnoticed.

Identity and access management (IAM) is a key challenge in cloud security. The multitude of cloud services leads to a flood of user roles and access rights that are almost impossible to manage manually.

User roles are often defined too broadly, resulting in unnecessary or dangerous permissions being granted. This increases the risk of insider threats or attacks via compromised accounts. The situation becomes particularly critical when there is no clear separation of access rights and all users can access all data. Generic access rights are often the result of developer convenience or misguided attempts to keep operations running smoothly. At the same time, they are a goldmine for phishing attacks and other cyber threats.

Cloud environments are a popular target for hackers who exploit vulnerabilities such as configuration errors, insecure interfaces or excessive access rights. They gain access to sensitive data or control cloud resources via unsecured ports, APIs and user accounts. Since cloud systems are highly interconnected, attackers who have gained access to the network can spread laterally to other systems.

One of the most common external threats is ransomware attacks. Attackers encrypt data and make it inaccessible until a ransom is paid. Backups and recovery mechanisms are often deliberately disabled, making data recovery considerably more difficult.

Another risk arises from the use of infected or inadequately patched third-party services or libraries within your own software. Supply chain attacks exploit these vulnerabilities at partners to sneak into the target company's systems.

Modern IT infrastructures increasingly consist of hybrid or multi-cloud environments that connect local systems, private clouds and public clouds. Each platform has its own security standards and models. This makes it difficult to implement a uniform security strategy. However, with modern technologies and the right approaches, such a strategy can not only be successfully implemented, but also designed better than ever before.

In addition, companies use a wide variety of services and applications, which further reduces clarity. However, knowing which services are active when and where is crucial to preventing supply chain attacks and responding appropriately in an emergency.

Added to this are short-lived resources such as containers and serverless functions (FaaS), which are dynamically created and removed again. Traditional security approaches based on static environments reach their limits here.

Companies must ensure that their data is stored and processed in accordance with legal requirements. Depending on the company, location and type of data processed, regulations such as the EU General Data Protection Regulation (GDPR), the Health Insurance Portability and Accessibility Act (HIPAA) or the Payment Card Industry Data Security Standard (PCI DSS) apply.

Failure to comply with compliance requirements can have serious consequences, ranging from heavy fines to loss of reputation. In the EU in particular, violations of the GDPR can be punished with fines of up to £20 million or four per cent of global annual turnover.

The shared responsibility model is a fundamental concept in cloud security that clearly defines the responsibilities between you as the customer and the cloud provider. It distinguishes between security of the cloud (the provider's responsibility) and security in the cloud (your responsibility as the customer). But what does that mean in concrete terms?

The cloud provider ensures the security of the infrastructure, including hardware, software, networks and physical locations. As the customer, you are responsible for how you use the services provided. This includes securing your own data, access and permissions, as well as managing guest operating systems, updates and patches.

The model is crucial for avoiding security gaps and meeting compliance requirements. Without a clear division of responsibilities, misunderstandings could arise about who is responsible for which security measures. The first step is to check which security tasks you need to take on. Responsibilities may vary depending on the type of service (IaaS, PaaS, SaaS).

Perimeter security protects corporate networks with firewalls and VPN systems by drawing a clear line between trusted internal systems and external threats. This model was long considered the standard, as employees mainly worked on-site and data was stored within a sealed network. However, it was never completely effective, as it offers no protection against misconfiguration or internal threats. With the digital transformation, cloud-native technologies, home offices and mobile devices, these boundaries have become even more permeable.

Today, users access data and applications via public networks or private devices, often outside the protected perimeter. In the era of cloud technologies, perimeter security is therefore no longer sufficient to protect companies effectively. The key to effective security in the cloud lies in the introduction of a robust zero trust approach.

Zero Trust is based on the fundamental principle: ‘Trust no one, verify everyone.’ Every request, regardless of whether it comes from the internal or external network, is checked for authenticity and security. This means that there is no automatic trust based on a specific location or network. Zero Trust aims to protect data, applications and systems as best as possible from internal and external threats. The approach minimises the risk of security breaches, as every access request undergoes strict checks and only the most necessary permissions are granted. A strong identity base plays a central role in this. This means that access is no longer granted based on the origin of the request, but rather on the identity of the person making the request.

Solid identity and access management (IAM) is one of the cornerstones of cloud security. Careful management and monitoring of user accounts and their access rights can significantly minimise security risks. A strong IAM foundation starts with creating a central source for unique identities. Ensure that all user accounts are clearly defined and traceable. This prevents confusion and facilitates consistent management. Avoid group accounts, as these can make traceability difficult and create potential security gaps. Instead, rely on individual accounts with tailored permissions. This ensures that new permissions are only granted when necessary and that outdated rights are revoked immediately.

You can further strengthen security in the cloud with proven IAM measures:

• Mutual authentication: This ‘two-way authentication’ ensures that the client and server authenticate each other before a connection is established. The server presents a certificate that the client verifies. Conversely, the client authenticates itself using its own certificate, login details or cryptographic keys. This mutual verification protects against attacks and ensures that only trusted parties can communicate with each other.
• Least privilege: The principle of minimum rights restricts users or applications to accessing only the resources they actually need for their tasks. This reduces the attack surface and minimises the risk of unauthorised activities. Since only limited access rights exist even in the event of an attack, the least privilege principle limits the potential damage and makes it more difficult for attackers to access critical resources.
• Multi-factor authentication (MFA): This measure requires users to confirm their identity using at least two independent factors. An example of this is the combination of a password and a smartphone token. This significantly increases access protection, even if passwords are compromised.

End-to-end encryption is one of the most effective measures for protecting data in the cloud. Encryption involves converting readable data into unreadable code using an algorithm. This code can then only be decrypted with the appropriate key.

Data in the cloud must be protected both at rest (e.g. on servers) and during transmission (e.g. between servers or devices). The highest risk of data theft occurs during transmission. Transport Layer Security (TLS) is often used here to ensure that data cannot be intercepted or manipulated.

Another popular encryption concept is end-to-end encryption (E2EE). End-to-end encryption (E2EE) ensures that data remains encrypted throughout its entire transmission path and can only be decrypted by the sender and recipient. This method offers maximum protection, as neither the cloud provider nor potential attackers have access to the encryption keys.

Another key component of cloud security is effective security monitoring. You can draw on various security solutions that detect and (proactively) remedy security threats.

SIEM and SOC

While Security Information and Event Management (SIEM) monitors security-related events in real time, detects threats and issues automated alerts, the Security Operations Centre (SOC) is responsible for analysing and prioritising these incidents and initiating targeted responses.

SIEM solutions collect and analyse data from various sources such as servers, applications, end devices and networks. Using artificial intelligence (AI) and predefined correlation rules, SIEM detects anomalies and suspicious activity. A central dashboard provides SOC analysts with an overview of security-related events, including anomalous usage patterns, changes to critical system files or failed login attempts.

The SOC acts as a central control centre where cyber security experts monitor and analyse the alerts generated by the SIEM and respond to security incidents. The SOC is usually staffed 24/7 and ensures that threats are quickly detected and defended against. By working with specialists such as IT forensic experts, incident responders and threat hunters, the SOC is able to handle even complex incidents efficiently.

Security alerts can be configured with predefined rules so that appropriate measures can be taken immediately in the event of potential attacks. Such automated response measures minimise response times and ensure greater security in the cloud.

When selecting SIEM and SOC tools, integration into existing IT environments plays a crucial role. Solutions that can be seamlessly linked to existing systems enable faster and smoother operation. Cloud providers often offer suitable solutions themselves that are specifically tailored to integration into the respective cloud environment.

XDR

Anyone involved in threat detection and prevention in the context of cloud security will also need to consider extended detection and response (XDR). XDR combines the monitoring and protection of endpoints, networks, cloud services and user activities on a single platform. Unlike point security solutions, XDR provides a holistic view of threats by correlating security data from different sources.

A key advantage of XDR is its use of AI and machine learning, which enables threats to be detected even without predefined rules. This reduces false alarms and enables automated responses to attacks.

Compared to SIEM, XDR goes beyond mere logging and focuses on proactive threat detection and automated defence measures. SIEM, on the other hand, focuses primarily on logging, compliance and manual analysis.

A solid backup strategy is essential to prevent data loss due to cyber attacks, system failures or human error and to quickly restore business operations in the event of an emergency. Configure your backup systems so that backups are performed regularly and automatically. Backups should be stored in multiple independent locations. You can use local servers, external hard drives or other cloud solutions for this purpose. If you opt for a cloud-to-cloud backup, make sure that the cloud providers you use do not share infrastructure. Otherwise, there is a risk that both the primary and backup data will be affected in the event of a failure.

A crucial factor for an effective backup strategy is regular testing of the recovery process. Only what has been practised and tested will work in the event of a disaster. These tests should not be carried out in isolation, but integrated into the overall system, as unexpected problems often arise in complex IT environments. Errors often arise from the interaction of several factors or process participants, which can only be identified through integrated testing. Regular and comprehensive recovery tests ensure that backup processes run smoothly in an emergency.

However, backups alone are not enough to maintain business operations in the event of a disaster. Disaster recovery (DR) encompasses measures for the rapid recovery of applications, servers and networks after incidents such as cyber attacks, hardware failures or even natural disasters. A commonly used solution is disaster recovery as a service (DRaaS), in which servers and data are duplicated in an external data centre by a third-party provider.

You should also develop a detailed disaster recovery plan (DRP) that includes specific technical steps and priorities for restoring operations. However, an effective DR plan goes beyond technical measures. The necessary communication and control processes for emergency procedures are also essential. These include clear instructions for internal and external communication and the definition of responsibilities for crisis management.

In addition to the basic principles of cloud security, there are three other key measures that can significantly strengthen your cloud computing security.

Before implementing cloud security measures, you should conduct a comprehensive threat and risk analysis. This is the only way to identify the actual threats to your cloud environment and where the biggest security gaps lie. Based on this, protective measures can be deployed where they offer the greatest benefit – and in a cost-efficient manner.

With effective vulnerability management, you can ensure that vulnerabilities in your cloud environment are detected and remedied at an early stage. Regular scans, security checks and automated patch management significantly minimise the risk of cyber attacks. This allows you to proactively protect your systems from threats before attackers can exploit vulnerabilities.

Selecting the appropriate cloud provider is critical for the security of your data and compliance with legal requirements. Therefore, pay attention to the certificates and security standards that the provider meets. Important certifications that indicate a high level of security include:

• C5
• CSA STAR
• SOC 1/2/3
• ISO 27001
• ISO 9001
• NIST

In future, the NIS2 Directive will also play an important role, as it imposes additional security requirements on operators of critical infrastructure.

Another decisive factor is the location of the cloud provider. The location of the data centre determines which data protection law applies to your data. You should therefore choose a provider that not only meets the necessary certificates and security standards, but also ensures that your data is stored in a region that meets your company's data protection requirements.

One of the biggest weaknesses in cloud computing security is the users themselves. That is why regular training for employees and development teams is essential. Training reduces security gaps caused by ignorance. Training should be conducted by IT security experts, internal security teams or external specialist providers.

It is particularly important that developers and cloud operators understand how threats and attacks are structured and how they work. Only with this knowledge can systems be designed and operated that minimise the risk of infection, prevent attacks from spreading and enable a rapid response. While employees are primarily made aware of general security risks, developers need a deeper understanding of how attackers think and which attack paths are used. This change in perspective makes it possible to identify and close potential vulnerabilities at an early stage.

Cloud security requires more than just the use of individual security products – it must be understood as a holistic security approach. Perimeter security alone is no longer sufficient in modern cloud environments. Instead, the zero trust approach applies: ‘Trust no one, verify everything’ – regardless of device, location or network.

Comprehensive security in the cloud is achieved through security by design. To do this, the following three aspects must be considered from the outset and continuously monitored:

1. Risk-based prioritisation of security measures
2. Mutual authentication and zero trust
3. Clean processes for monitoring Maintenance, backup and patching of systems

Also review all decisions relating to the shared responsibility model. This will ensure clear responsibilities and that there are no gaps in your security measures.

The good news is that the necessary tools for effective cloud security are already available. They just need to be configured and used correctly. Companies that rely on proactive security measures not only protect their data and infrastructure, but also their competitiveness and reputation.