AlignTrust

Cloud Security

The set of policies, controls, and technologies that protect data, applications, and infrastructure hosted in cloud environments.

What Is Cloud Security?

Cloud security refers to the discipline of protecting cloud-based systems, data, and infrastructure from threats. It encompasses the technologies, policies, controls, and processes used to secure cloud computing environments — whether public (AWS, Azure, Google Cloud), private, or hybrid.

Unlike traditional on-premises security, cloud security operates under a shared responsibility model: the cloud provider secures the underlying infrastructure, while the customer is responsible for securing what they deploy on it.

The Shared Responsibility Model

Understanding this model is critical. The boundary varies by service type:

  • IaaS (Infrastructure as a Service): Provider secures the physical data centre, network, and hypervisor. Customer secures the OS, applications, data, and access.
  • PaaS (Platform as a Service): Provider secures the OS and runtime. Customer secures applications, data, and access.
  • SaaS (Software as a Service): Provider secures almost everything. Customer secures user access, data classification, and configuration.

Most cloud breaches result from customer misconfiguration, not provider failure.

Common Cloud Security Risks

  • Misconfigured storage: Publicly accessible S3 buckets or Blob storage containing sensitive data
  • Over-permissioned IAM roles: Service accounts or users with far more permissions than needed
  • Exposed management ports: RDP or SSH exposed to the internet without restriction
  • Lack of MFA on cloud console access: Cloud management consoles are high-value targets
  • Missing encryption: Data at rest or in transit not encrypted
  • No logging: Cloud API calls and access events not logged or retained

Cloud Security Fundamentals

  1. Enable MFA on all cloud console accounts — especially root/owner accounts
  2. Audit IAM permissions — remove wildcard policies, apply least privilege
  3. Check storage access — ensure no cloud storage buckets are publicly accessible unless intentional
  4. Enable cloud-native logging — AWS CloudTrail, Azure Monitor, GCP Cloud Audit Logs
  5. Use cloud security posture management (CSPM) — tools that continuously scan for misconfiguration
  6. Encrypt data at rest and in transit — most cloud services support this natively
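As an added example (not part of the original page), the script below implements offline checks for steps 2 and 3 above: it flags wildcard Allow statements in an IAM policy document and detects a bucket policy that grants access to everyone. The two policy documents are constructed samples with placeholder bucket names; no cloud API is called.

```python
import json

def _as_list(value):
    """IAM JSON allows a string or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]

def find_wildcard_statements(policy):
    """Return (index, reason) for each Allow statement in an IAM policy
    document that uses a wildcard Action or Resource. Deny statements are
    skipped because they narrow rather than widen access."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        if "*" in actions and "*" in resources:
            findings.append((i, "admin-equivalent: Action and Resource are both '*'"))
        elif "*" in actions:
            findings.append((i, "Action is '*'"))
        elif any(a.endswith(":*") for a in actions):
            findings.append((i, "service-wide Action wildcard"))
        elif "*" in resources:
            findings.append((i, "Resource is '*'"))
    return findings

def is_public_bucket_policy(policy):
    """True if any unconditioned Allow statement names everyone as Principal
    ('*' or {'AWS': '*'}), which is what makes a bucket world-accessible."""
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if isinstance(principal, dict):
            principal = principal.get("AWS")
        if "*" in _as_list(principal) and not stmt.get("Condition"):
            return True
    return False

# Constructed sample documents (the bucket name is a placeholder).
OVER_PERMISSIVE_ROLE = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "s3:GetObject",
   "Resource": "arn:aws:s3:::example-app-logs/*"},
  {"Effect": "Allow", "Action": "*", "Resource": "*"}]}""")

PUBLIC_BUCKET_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
   "Resource": "arn:aws:s3:::example-app-logs/*"}]}""")

if __name__ == "__main__":
    print("IAM findings:", find_wildcard_statements(OVER_PERMISSIVE_ROLE))
    print("bucket policy public:", is_public_bucket_policy(PUBLIC_BUCKET_POLICY))
```

In practice the same functions run over policy documents pulled from the account's IAM and storage APIs, or over the findings export of a CSPM tool.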