Cloud Security Control

What Does Cloud Security Control Mean?

A cloud security control is a set of directives that protects the confidentiality, integrity and availability (CIA) of digital information in a public, private or hybrid cloud architecture.

Advertisements

The purpose of a cloud security control is to minimize vulnerabilities and reduce the operational and reputational risks associated with using public cloud services. It is a broad term that consists of the all measures, practices and guidelines that must be implemented to ensure the safety of data in transit, data in use and data at rest.

Techopedia Explains Cloud Security Control

The Cloud Security Alliance (CSA) has created a matrix designed to help prospective cloud customers evaluate how much effort, time and money a particular provider puts on security. The Cloud Control Matrix addresses deterrent controls, preventive controls, detective controls and corrective controls.

Preventative controls are used to strengthen and protect the provider's infrastructure from known vulnerabilities in the cloud. To protect data in use, for example, the Confidential Computing Consortium recommends a hardware-based approach to cybersecurity that allows data to stay encrypted while it is being processed in memory. This approach, which is called confidential computing, provides an additional layer of security for organizations that process sensitive or regulated data in the cloud.

Detective controls are used to identify an attack as it occurs and limit its impact. This type of control includes log management, log analysis and automated alerts. Honeypots and intrusion detection systems (IDSes) both support detective controls.

Corrective controls are used to reverse the impact of an incident after it has occurred and minimize operational and reputational risk. This type of control supports measures taken to restore resources and repair damage.

Security controls can also be classified as either being operational, management or physical. Physical controls include the use of security tokens, while management controls can prevent users from being able to connect to the network with thumb drives.

Operational controls combine physical controls with management controls to create policy that details and enforces what type of cyber activity is permitted and/or prohibited.

Advertisements

Related Terms

Latest Cloud Computing Terms

Related Reading

Margaret Rouse
Margaret Rouse

Margaret Rouse is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical, business audience. Over the past twenty years her explanations have appeared on TechTarget websites and she's been cited as an authority in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine and Discovery Magazine.Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages. If you have a suggestion for a new definition or how to improve a technical explanation, please email Margaret or contact her…

Related News

dummy_img
Cybersecurity

NIS 2 Directive’s One-Year Window for Business Compliance Starts Today

Neil C. Hughes1 year
dummy_img
Buzzwords and Jargon

Tech Shame: Gen Z Fears ‘Normal’ Technology More Than Gen X

Sam Cooling1 year
dummy_img
Artificial Intelligence

6 Generative AI Startups to Watch in 2024 

Tim Keary1 yearTechnology Expert
dummy_img
Blockchain

Australia’s Central Bank’s Verdict on Tokenization and CBDCs

Nicole Willing1 yearTechnology Writer
dummy_img
Cybersecurity

Cybersecurity for Kids: The Best Tips For Concerned Parents

John Meah1 yearCybersecurity Consultant
dummy_img
Artificial Intelligence

AI May Be About to Send Astronomy into Hyperdrive Mode

Kaushik Pal1 yearTechnology Writer

Popular Categories
Show All

Antivirus
Antivirus
Artificial Intelligence
Artificial Intelligence
Audio
Audio
CRM
CRM
Cryptocurrency
Cryptocurrency
Gambling
Gambling
Gaming
Gaming
HR
HR
Investing
Investing
Laptops
Laptops
Network
Network
Password Managers
Password Managers
Project Management
Project Management
Spy
Spy
VoIP
VoIP
VPN
VPN