
5. Cloud & Network Security:

Cloud Computing

  • Cloud Computing means using processing and storage capacity that another party operates, reached over a network connection. Prominent service providers include Azure and AWS.
  • Security Considerations: Entrusting sensitive and confidential data to a third party carries inherent risk, so the provider's security standards must match or exceed the organization's own. In practice the major providers often exceed what an on-premises deployment achieves, short of extremely high-security scenarios. The caveat is that the provider secures the underlying infrastructure only; configuration, identity and access, and the data itself remain the customer's responsibility (the shared responsibility model), and customer-side misconfiguration is a common cause of cloud data exposure.

CASB (Cloud Access Security Broker)

Definition: A CASB is a security solution that sits between the users of cloud services and the cloud providers' infrastructure, deployed as a forward or reverse proxy, through the providers' APIs, or a mix of these. It acts as a gatekeeper, allowing organizations to extend their security policies (authentication, data protection, logging) to cloud applications.

Purpose:

  1. Visibility: CASBs provide insights into unauthorized cloud usage or "Shadow IT", where users might utilize applications not sanctioned by the organization.

  2. Compliance: They help verify that cloud services are used in compliance with industry regulations and organizational policies, for example by flagging regulated data stored in a service that has not been approved for it.

  3. Data Security: CASBs protect sensitive data in the cloud through various means like encryption, tokenization, and access controls.

  4. Threat Protection: They defend against cloud-based threats by recognizing anomalous activity, such as a compromised account downloading far more data than usual, and blocking or quarantining it.

Shadow IT:

  • Issue: Departments or individual users sometimes adopt cloud applications that are not officially approved by the IT department. This is usually done with good intentions, like trying to be more productive or efficient. However, this poses a risk as the IT department has no visibility or control over these apps, potentially exposing the organization to security vulnerabilities.

  • Solution: CASB solutions detect such unsanctioned applications, giving the IT department visibility and control to either integrate those apps into the official workflow (after ensuring they're secure) or block them.

Example: Imagine an employee uses a free cloud storage solution to store official documents for easier access. While their intent is to work efficiently, this can bypass official security protocols. With CASB, the IT department can detect this usage. They can then decide to either block access to that cloud storage or consider integrating it as an official tool after vetting its security.
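The detection half of that example, as an added illustration that is not a vendor's product or the original page's code: a small Python script that reads web-proxy logs, looks up each destination in a catalog of known cloud apps, and reports uploads to apps IT has not sanctioned. The log format, the catalog, the sanctioned list and the byte threshold are all assumptions made for this example; the proxy lines are constructed.

```python
"""Shadow IT discovery over web-proxy logs, in the style of a CASB's visibility
function. Added example, not any vendor's product code; the log format, the
app catalog and the sanctioned list are all assumptions for illustration."""
from collections import defaultdict
import re

# Constructed proxy log: timestamp, user, method, URL, bytes sent by the client.
PROXY_LOG = """\
2024-05-01T09:01:12Z alice POST https://files.corp-sanctioned.example/upload 5242880
2024-05-01T09:03:40Z bob POST https://drop.freecloud.example/api/put 10485760
2024-05-01T09:04:02Z bob GET https://news.example/today 0
2024-05-01T09:10:55Z carol POST https://drop.freecloud.example/api/put 2097152
2024-05-01T09:12:10Z alice GET https://mail.corp-sanctioned.example/inbox 512
2024-05-01T09:15:00Z dave POST https://paste.quickshare.example/new 4096
"""

# Assumed catalog of known cloud-app hostnames and the subset IT has approved.
APP_CATALOG = {
    "files.corp-sanctioned.example": "CorpFiles",
    "mail.corp-sanctioned.example": "CorpMail",
    "drop.freecloud.example": "FreeCloud Drive",
    "paste.quickshare.example": "QuickShare Paste",
}
SANCTIONED = {"CorpFiles", "CorpMail"}
UPLOAD_METHODS = {"POST", "PUT"}

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<user>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<sent>\d+)$")
HOST_RE = re.compile(r"^https?://([^/:]+)")


def parse_line(line):
    """Parse one proxy line into a dict; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    h = HOST_RE.match(rec["url"])
    rec["host"] = h.group(1).lower() if h else ""
    rec["sent"] = int(rec["sent"])
    return rec


def classify(host):
    """Map a destination host to (app_name, is_sanctioned)."""
    app = APP_CATALOG.get(host)
    if app is None:
        return "uncategorized:" + host, False
    return app, app in SANCTIONED


def find_shadow_it(log_text, min_upload_bytes=1):
    """Aggregate unsanctioned cloud usage in which data actually left the network.

    Returns {app_name: {"users": set, "bytes_out": int, "requests": int}}.
    Only upload-style requests (POST/PUT with a body) count, so a plain GET to
    an unknown news site is not reported as Shadow IT.
    """
    findings = defaultdict(lambda: {"users": set(), "bytes_out": 0, "requests": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        app, sanctioned = classify(rec["host"])
        if sanctioned or rec["method"] not in UPLOAD_METHODS or rec["sent"] < min_upload_bytes:
            continue
        f = findings[app]
        f["users"].add(rec["user"])
        f["bytes_out"] += rec["sent"]
        f["requests"] += 1
    return dict(findings)


def recommend(findings, block_threshold_bytes=10 * 1024 * 1024):
    """Per-app action: 'block' once uploads reach the threshold, otherwise 'review'
    so IT can vet the app and possibly sanction it."""
    return {app: "block" if f["bytes_out"] >= block_threshold_bytes else "review"
            for app, f in findings.items()}


if __name__ == "__main__":
    found = find_shadow_it(PROXY_LOG)
    actions = recommend(found)
    for app, f in sorted(found.items()):
        print(f"{app}: users={sorted(f['users'])} bytes_out={f['bytes_out']} -> {actions[app]}")
```

On the constructed log this reports FreeCloud Drive (two users, about 12 MB uploaded, recommended for blocking) and QuickShare Paste (one small upload, recommended for review); alice's sanctioned traffic and bob's plain browsing are ignored. A real CASB does the same aggregation across proxy, firewall and API logs with a catalog of thousands of apps and a risk score per app.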

Security-as-a-Service (SECaaS)

  • This concept revolves around entrusting an external cloud provider with some or all of your security functions. Rather than building and staffing security in-house, organizations subscribe to online services tailored for protection.
  • Services under this umbrella include identity protection, security information and event management, intrusion detection, malware scanning, data loss prevention, and more. In essence, SECaaS outsources the intricacies of the security function much as SaaS outsources software, with the same trade-off: you give up direct control of the tooling and depend on the provider's availability and on the contract's terms for how your logs and data are handled.

Security Information and Event Management (SIEM)

Imagine a city, buzzing with life, people going about their business, and traffic flowing through its veins. Now, imagine this city is your network, and the SIEM is the high-tech surveillance system constantly monitoring the city's heartbeat.

SIEM, or Security Information and Event Management, serves as the control tower of this bustling metropolis. It collects log and event data from sources across the network (firewalls, endpoints, authentication servers, cloud services), normalizes them into a common format, and correlates them, akin to the many CCTV cameras across our city, watching for unusual activities and traffic anomalies.

Like a seasoned detective, it sifts through this wealth of information, interpreting it, looking for clues and patterns. At its core are correlation rules, such as "five failed logins from one source within a minute, followed by a success"; on top of those it can apply User Behavior Analytics (UBA), Artificial Intelligence (AI), and Machine Learning (ML) to spot threats that no hand-written rule anticipated. Imagine our control tower spotting a suspicious vehicle, moving erratically through traffic, and sounding the alarm - that's the SIEM alerting the security teams of potential threats before they escalate, keeping our city safe and secure.

Security Orchestration, Automation, and Response (SOAR)

Now, enter SOAR, the highly efficient and proactive police force of our city. When the SIEM control tower spots a potential threat and sounds the alarm, Security Orchestration, Automation, and Response (SOAR) springs into action.

Acting as a centralized command center, SOAR organizes the response to these alerts. Equipped with a playbook for different threat scenarios - like our police force having specific protocols for dealing with a suspicious vehicle, a burglary, or a missing person - SOAR ensures a swift and effective response. A step can be fully automated, such as blocking the attacking address at the firewall, or can wait for a single-click analyst approval, such as isolating a host on the corporate network; which it is depends on the nature of the threat and on how much damage a wrong automated action could do.

Working in unison, SIEM and SOAR create a harmonious symphony of modern cybersecurity. The vigilant eyes of SIEM, combined with the quick response of SOAR, provide a comprehensive defense mechanism, keeping our city - your network - safe from threats.
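The SIEM and SOAR passages above, carried through in code as an added example that is not any vendor's product or the original page's code: a Python script that normalizes constructed sshd log lines, runs one correlation rule (repeated failed logins from a single source, with and without a following success), and feeds each alert to a playbook that decides which steps run automatically and which wait for an analyst. The log format, the thresholds, the internal address ranges and the action names are all assumptions for this example.

```python
"""SIEM-style correlation and a SOAR-style playbook over constructed sshd logs.
Added example, not any vendor's product code; the log format, the thresholds,
the internal address ranges and the playbook actions are all assumptions."""
from collections import defaultdict, deque
from datetime import datetime, timezone
import ipaddress
import re

AUTH_LOG = """\
2024-05-01T10:00:01Z host1 sshd: Failed password for admin from 203.0.113.5
2024-05-01T10:00:03Z host1 sshd: Failed password for admin from 203.0.113.5
2024-05-01T10:00:05Z host1 sshd: Failed password for admin from 203.0.113.5
2024-05-01T10:00:07Z host1 sshd: Failed password for admin from 203.0.113.5
2024-05-01T10:00:09Z host1 sshd: Failed password for admin from 203.0.113.5
2024-05-01T10:00:12Z host1 sshd: Accepted password for admin from 203.0.113.5
2024-05-01T10:01:00Z host2 sshd: Failed password for alice from 10.0.0.7
2024-05-01T10:01:20Z host2 sshd: Accepted password for alice from 10.0.0.7
2024-05-01T10:05:00Z host3 sshd: Failed password for svc from 10.0.0.9
2024-05-01T10:05:02Z host3 sshd: Failed password for svc from 10.0.0.9
2024-05-01T10:05:04Z host3 sshd: Failed password for svc from 10.0.0.9
2024-05-01T10:05:06Z host3 sshd: Failed password for svc from 10.0.0.9
2024-05-01T10:05:08Z host3 sshd: Failed password for svc from 10.0.0.9
2024-05-01T10:05:10Z host3 sshd: Failed password for svc from 10.0.0.9
2024-05-01T10:05:40Z host3 sshd: Accepted password for svc from 10.0.0.9
2024-05-01T11:00:00Z host1 sshd: Failed password for root from 198.51.100.8
2024-05-01T11:00:02Z host1 sshd: Failed password for root from 198.51.100.8
2024-05-01T11:00:04Z host1 sshd: Failed password for root from 198.51.100.8
2024-05-01T11:00:06Z host1 sshd: Failed password for root from 198.51.100.8
2024-05-01T11:00:08Z host1 sshd: Failed password for root from 198.51.100.8
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<outcome>Failed|Accepted) "
                     r"password for (?P<user>\S+) from (?P<src>\S+)$")
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]


def normalize(log_text):
    """Collection and normalization: turn raw lines into uniform event dicts."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # a real SIEM would route unparsed lines to a catch-all index
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        ev["outcome"] = "failure" if ev["outcome"] == "Failed" else "success"
        events.append(ev)
    return events


def correlate(events, threshold=5, window_seconds=60):
    """Correlation rule: >= threshold failures from one source inside the window.
    Fires 'brute_force_attempt' once per source when the threshold is reached and
    'brute_force_success' if a successful login then follows within the window."""
    alerts = []
    recent_failures = defaultdict(deque)  # src -> timestamps of failures in window
    attempt_fired = set()
    for ev in sorted(events, key=lambda e: e["ts"]):
        q = recent_failures[ev["src"]]
        while q and (ev["ts"] - q[0]).total_seconds() > window_seconds:
            q.popleft()  # expire failures that fell out of the sliding window
        base = {"src": ev["src"], "user": ev["user"], "host": ev["host"], "ts": ev["ts"]}
        if ev["outcome"] == "failure":
            q.append(ev["ts"])
            if len(q) >= threshold and ev["src"] not in attempt_fired:
                attempt_fired.add(ev["src"])
                alerts.append({**base, "rule": "brute_force_attempt", "severity": "medium",
                               "failures": len(q)})
        else:
            if len(q) >= threshold:
                alerts.append({**base, "rule": "brute_force_success", "severity": "high",
                               "failures": len(q)})
            q.clear()  # a success ends the current run of failures
    return alerts


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def run_playbook(alert):
    """SOAR playbook: map one alert to ordered response steps. Steps that could
    disrupt corporate systems are marked needs_approval rather than automatic."""
    steps = []
    internal = is_internal(alert["src"])
    if alert["rule"] == "brute_force_success":
        steps.append({"action": "disable_account", "target": alert["user"], "mode": "automatic"})
        if internal:
            steps.append({"action": "isolate_host", "target": alert["src"], "mode": "needs_approval"})
        else:
            steps.append({"action": "block_ip", "target": alert["src"], "mode": "automatic"})
        steps.append({"action": "open_incident", "target": alert["host"], "mode": "automatic"})
    elif internal:
        steps.append({"action": "notify_analyst", "target": alert["src"], "mode": "automatic"})
    else:
        steps.append({"action": "block_ip", "target": alert["src"], "mode": "automatic"})
    return steps


if __name__ == "__main__":
    for alert in correlate(normalize(AUTH_LOG)):
        print(alert["rule"], alert["src"], [s["action"] for s in run_playbook(alert)])
```

Against the constructed log the rule produces five alerts: an attempt and a success for 203.0.113.5, an attempt and a success for 10.0.0.9, and an attempt only for 198.51.100.8; alice's single typo on host2 never reaches the threshold. The playbook then blocks the two external sources automatically but only proposes isolating 10.0.0.9, because an automated action against a corporate host is the kind of step a playbook should gate behind an analyst's one-click approval.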