Busting cloud security jargon

Businesses have always had to interact with complicated technologies. But today, the world of cloud computing and cloud security has reached new heights of specialisation.

This can lead to a situation where businesses don't fully understand the implications of the security products they're deploying.

At Ascend, we want our customers to understand our services. That's why we've put together this handy glossary of cloud security terms. We hope it sheds some light on this essential part of modern business life.

Cloud access security broker (CASB)

Back in the days when business was largely done on local area networks, the constituent parts of the network were fixed. There were 23 desktop computers in the office, say, and 23 members of staff.

Fast forward to 2024. Networks are vast, sprawling things, even if there are still only 23 employees. Why? Because the age of the cloud is the age of hybrid working and "bring your own device". Now, those staff are accessing corporate data on multiple devices in multiple locations.

Naturally, this has created novel security risks. A cloud access security broker (CASB) mediates between the cloud provider and network users to enforce security policies and ensure that the network is a members-only club.

DevSecOps

For some time now, DevOps has been a buzzword in the tech world, bringing together Dev and Ops to streamline and speed up the production and deployment of apps.

DevSecOps throws security into the mix. This is to ensure that security is as integral to the development process as oxygen is to water. It does this by including security assessments and vulnerability tests at the earliest possible opportunity.

DLP (data leak prevention)

Once upon a time, classified information was the preserve of governments, the military and international men of mystery. Today, even the kebab shop on the corner has to handle sensitive data – because if customer data gets leaked, companies have to pay under GDPR.

Data loss prevention (DLP) is an umbrella term that covers both software and business mindsets. It seeks to detect and prevent data loss to avoid a costly and disruptive breach.

Identity and access management (IAM)

"Who goes there – and what do you want?"

IT needs a way of answering these questions to prevent unwanted access. Identity and access management (IAM) does this in two ways.

First, it checks login attempts against an identity management database. This database contains an updatable list of everyone who needs access, whether directly employed by the company or a third party.

This is typically bolstered with multifactor or two-factor authorisation – a way of verifying people that should be familiar to anyone who does online banking.

The second half of IAM is access management. This monitors which resources the person is permitted to access. Not everyone needs access to everything – a simple maxim not always lived by. With IAM, a user's job title, security clearance and project role will determine what they get access to.

ISO 27001

The business world is international. Well, sure – you might as well say that ice cream is nice on a summer's day.

But while the statement is obvious, it has ramifications for security. If different countries have different compliance and security standards, how can a multinational company ensure its data is protected from pole to pole?

ISO is an organisation that creates, in its own words, "global standards for trusted goods and services". It lays out ground rules for everything from environmental management to quality control.

ISO 27001 is the international standard for information security management. If a company is compliant with ISO 27001, you can count on its commitment to cyber security.

Shared responsibility

"Who's responsible?" is a crucial question in all aspects of business life – and one which has only become harder to answer as enterprises embrace freelancers, third-party consultants and collaboration as the norm.

In the realm of the cloud, who is king? Well, it depends on your cloud service model. If you run and manage your own data centre, you're responsible. But if you use a cloud provider, you're now part of a "shared responsibility" model.

Exactly how the responsibilities are split will depend on the service model you use. Differences exist between SaaS, PaaS, serverless and containers. But in all cases, you need to know your responsibilities as well as your rights to ensure a robust security posture.

Technically enforced separation

When you work with a cloud provider, you're renting compute resources. You pay for what you need and they pay for maintenance and infrastructure.

But "renting compute resources" has the potential to be a misleading phrase. You're not getting dedicated resources. Instead, you're tapping into a pool of resources shared with other users.

Because of this proximity to other tenants, cloud providers use something called "technically enforced separation" to sequester and protect your workloads and data.

Zero trust

When networks are complicated, who do you trust? Just because that device was used for a Teams meeting yesterday it doesn't mean it's being used by the same person today. This is where the notion of "zero trust" comes in.

Zero trust assumes the worst of everyone. It's like a bouncer at a club checking everyone's bag – no exceptions. If you pop out to buy some cigs and come back to the venue, you're due another frisking.

But zero trust isn't just about inspecting every user trying to access the network. It's also about giving them the least amount of access they need to do their job.

Think of a staff access card. Finance doesn't need to get into the kitchen and vice versa. Zero trust takes this "principle of least privilege" and applies it to the world of cloud security.

Are you looking for a consultancy firm that puts your cloud security strategy front and centre? Contact Ascend today to learn how we can help you secure your data – and your reputation.