Cloud security
Last Updated:
Analyst Coverage: Fran Howarth
Cloud security refers to two things: the security of the cloud and the provision of security services via the cloud, often referred to as security as a service.
In terms of the security of the cloud, considerations include the policies, technologies and controls that organisations must deploy to protect the infrastructure of the cloud and the associated data and applications. Whilst many have seen security to be an inhibitor to cloud adoption, its use can actually provide higher levels of security than in-house implementations. To ensure that this remains so, however, we need to do more to improve the security of the cloud and of the internet as a whole; see here.
To ensure that services based in the cloud are secure, there are a number of things that organisations need to consider; see Best Practice here.
In terms of security as a service, many organisations are finding many advantages in subscribing to security services based in the cloud (see here). Examples of services that can be provided include authentication, anti-malware, application security, and web and messaging security services.
Cloud-based services can provide advantages for a wide variety of organisations, from small organisations that lack the resources to manage security or applications themselves to large, distributed multinational and public sector organisations; see “Considerations when choosing a SaaS or cloud provider” here.
Many of the largest security vendors have developed capabilities in cloud security, many through acquisition, including McAfee, Symantec, Cisco and IBM. There are also a number of vendors from the network management space that have entered the market for boosting the security of cloud-based services, such as Barracuda Networks and F5 Networks. However, there are also a wide range of innovative, specialised cloud security services vendors, some of which have achieved significant funding recently. Some of these remain attractive acquisition targets; see here.
Downloads
- Overcoming the complexity gap - the role of automation in optimising network performance and security
- Cloud-delivered endpoint security - better protection is delivered via the cloud
- Best practices for cloud security - how security in the cloud can be a better bet than doing it yourself
- Why web security is best served in the cloud - Move protection to where the threats are
Vendors
The following companies offer solutions:
Further Information
Further resources to broaden your knowledge:

The new reality for government
The UK government has little option but to rethink the way it operates by moving beyond digital transformation to digital reinvention.

The state of play for identity management services - evidence from organisations in Germany and the UK
The results of this survey show that interest in the use of SaaS applications among organisations in Germany and the UK is increasing.

Blended security threats need a unified response - the need for an integrated, cloud-based threat vector management platform
Security threats are becoming increasingly complex, sophisticated and targeted and no organisation is immune.

Getting ahead in the cloud - ...the need for better identity and access controls
This paper discusses recent developments in identity and access management technologies for cloud-based applications.

Trust as the foundation of security
Trust is essential for building a sustainable business. Security is essential for building trust. To build trust in electronic networks, security...

Security based on trust not fear - ...the importance of a trusted cloud and Internet ecosystem
To build trust in electronic networks, security needs to be built into a suitable framework, rather than being bolted on.