What is cloud security

What is cloud security?

Cloud security is the practice of protecting data, applications, and infrastructure in cloud environments through a shared responsibility model between cloud providers and customers. The split of security duties varies by service model - infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS) - with providers securing the underlying cloud and customers securing what they put in it. Cloud security covers the same protection categories as traditional security (data, identity, network, application, and threat detection) but is designed for distributed access, dynamic resources, and multicloud environments. The U.S. National Institute of Standards and Technology (NIST) provides foundational guidance for cloud security in NIST SP 800-144. 

Cloud security

The shared responsibility model in cloud security

The shared responsibility model defines which security duties belong to the cloud provider and which belong to the customer. The split changes depending on whether the service is IaaS, PaaS, or SaaS - but the principle is consistent: the provider secures the cloud, and the customer secures what runs in it.

Security areaCloud provider responsibilityCustomer responsibility
Physical infrastructureYesNo
Network infrastructure Provider's network and hypervisorCustomer's segmentation, access controls, traffic policy
Operating systemsVaries by service modelVaries by service model
Applications and dataLimited (SaaS provider only)Yes - primary responsibility
Identity and accessProvider supplies toolingYes - configuration, policy, and enforcement

In IaaS deployments, the customer holds most responsibility - including operating system patching, application security, and data protection. In SaaS deployments, the provider handles most operational security, but the customer remains responsible for identity, access policy, and the data they put into the application. Misunderstanding this split is one of the most common causes of cloud breaches.

NIST SP 800-144 (Guidelines on Security and Privacy in Public Cloud Computing) and the Cloud Security Alliance (CSA) Cloud Controls Matrix both provide authoritative frameworks for understanding shared responsibility across cloud service models. 

How cloud security works

What cloud security covers

Cloud security helps organizations manage risk across the way they actually use the cloud. It protects users no matter how they access the internet, secures data and applications running in the cloud, and applies policy consistently across hybrid and multicloud environments. Specifically, cloud security helps:

  • Block threats earlier. Cloud security tools identify threats faster by combining intelligence and visibility, stopping malware before it spreads to networks or endpoints.
  • Secure complex cloud environments. A cloud security platform applies controls across multicloud deployments without slowing user productivity.
  • Secure hybrid and remote work. Cloud security protects apps, data, and users against compromised accounts, malware, and data breaches - supporting policy compliance for distributed teams.
  • Extend protection across attack surfaces. Cloud security covers users, devices, networks, applications, and Internet of Things (IoT) endpoints in a single program.
  • Scale with the cloud. As organizations add cloud applications, devices, and users, cloud security adds protection without manual reconfiguration.

Why cloud application security matters

In a multicloud environment, organizations choose what stays on premises and what runs in private, public, or hybrid clouds. Connecting to those clouds is straightforward - managing security across them is not. 

Cloud security manages and protects the entire ecosystem, whether data and applications run in the cloud, on premises, or in a combination of both. That includes servers and storage in the data center, IoT devices in distributed locations, remote laptops and phones, and employees at branch offices. 

Types of cloud security

Whether data and applications run in a public cloud, private cloud, or hybrid environment, they need protection.

Cisco offers cloud security across every connection and cloud service. 

Secure access to the cloud

Cisco Umbrella secures cloud access for users wherever they connect to the internet. 

Cisco Secure Workload protects workloads in multicloud environments using zero-trust segmentation. 

Cloud security for SaaS apps

Cisco Cloudlock safeguards SaaS application use, manages shadow IT through SaaS app discovery, applies risk profiles, enforces data security policy, and detects suspicious behavior. 

Cisco Secure Email Threat Defense blocks and remediates email-based threats.

Cloud infrastructure security

Cisco Secure Cloud Analytics monitors SaaS instances, detects abnormal behavior, and creates alerts for suspicious activity in public cloud environments.

Cisco Attack Surface Management improves security monitoring and reduces emerging threats across the attack surface.

Cloud application security

Cisco Cloud Application Security provides visibility into cloud applications and infrastructure, exposes exploitable attack paths, and supports compliance from a single solution.

Cisco Multicloud Defense converges network security with multicloud networking, delivering consistent protection across hybrid and multicloud environments. 

Types of cloud security threats

Malware

Malware is software designed to gain unauthorized access to a computer or cause damage to it. Cloud-based malware can spread across distributed environments faster than traditional malware because it leverages the same connectivity that makes the cloud useful.

Protect your endpoint against threats        Reduce the risk from web-based attacks

Ransomware

Ransomware is malicious software that blocks access to files or systems until a ransom is paid. Paying the ransom does not guarantee files will be recovered or systems restored, and ransomware operators increasingly threaten data exfiltration alongside encryption.

Cloud-delivered ransomware defense        Identify and block public cloud threats

Phishing

Phishing is the practice of sending fraudulent messages that appear to come from trusted sources, with the aim of stealing sensitive data such as credentials or payment information. Phishing is the most common type of cyberattack and a leading cause of cloud account compromise. Defenses include user education, cloud-based email filtering, and identity security tools such as Cisco Duo.

Social engineering

Social engineering tactics trick users into revealing sensitive information, transferring funds, or granting access. Social engineering is often combined with phishing, malware, or ransomware to increase the chance the target acts on a malicious request.

Learn more about social engineering tactics

How cloud security differs from traditional on-premises security

Cloud security and on-premises security share the same goals - protecting data, applications, and identities - but the operating context is different.

DimensionOn-premises securityCloud security
Trust boundaryDefined network perimeter Distributed, identity-based
Resource lifecycleStatic, manually provisionedDynamic, programmatically provisioned
Access patternsMostly internal usersDistributed users and services
ResponsibilityCustomer owns the full stackShared between provider and customer
VisibilityNetwork telemetry within the perimeterCross-environment telemetry across providers

The largest practical difference is responsibility. On premises, the customer owns every layer of the stack. In the cloud, parts of the stack belong to the provider - and the customer is responsible only for the layers above the provider's boundary. Identifying that boundary clearly is the foundation of effective cloud security. 

Common questions about CASB

Cloud security is the practice of protecting data, applications, and infrastructure in cloud environments through a shared responsibility model between providers and customers. It covers the same categories as traditional security but is designed for distributed access, dynamic resources, and multicloud environments.

The shared responsibility model defines which security duties belong to the cloud provider and which belong to the customer. The split varies by cloud service type - IaaS, PaaS, or SaaS - with the provider securing the underlying cloud and the customer securing what they put in it. NIST SP 800-144 and the Cloud Security Alliance both publish authoritative guidance on the model.

The main cloud security threat categories are data breaches, misconfiguration, identity compromise, malware and ransomware, and insider threats. Misconfiguration is the most common cause of cloud breaches because it often gives attackers access without exploiting any vulnerability. Phishing and credential theft are the most common entry points for identity-based attacks.

Cloud security is built for distributed access, dynamic resources, and a shared responsibility model - while on-premises security assumes a fixed perimeter and full customer ownership of the stack. The trust boundary in the cloud is identity-based rather than network-based. Visibility and policy must extend across multiple providers and environments rather than a single data center.

Secure access service edge (SASE) is the architecture that converges networking and cloud security into a single cloud-delivered service. SASE includes cloud security capabilities such as secure web gateway, cloud access security broker (CASB), and zero-trust network access. Cloud security is broader than SASE - it covers data, workloads, and posture as well as access - but SASE is the dominant architecture for delivering cloud-native security at scale.