Large and small businesses are moving more and more of their data storage and mission-critical compute workloads to the cloud. A 2023 Rubrik report found that the typical organization increased its cloud data footprint by 73%. But these increasingly crucial cloud resources are tempting targets for hackers, leading to more frequent and sophisticated cyberattacks: a 2023 Proofpoint report found that 94% of cloud tenants targeted that year, and that 62% of those attacks were successful.
That means that cloud security is more crucial than ever, especially security for public cloud data backups. Let's take a dive into the world of public cloud security and see how you can better manage your cloud security risks.
Public cloud refers to cloud storage and compute services accessible over the internet and offered by service providers to multiple customers on a shared infrastructure. The best known public cloud services are Microsoft Azure, Amazon AWS, and Google Cloud, though there are many other vendors. Public cloud security encompasses the procedures and policies implemented to protect the data, infrastructure, and applications hosted on those public cloud services.
Public cloud security is almost always based on a shared responsibility model, in which the cloud provider and the customer each protect different aspects of the cloud infrastructure. In most cases, the cloud provider will manage security for the underlying cloud hardware, host OS, and virtualization layer, while customers must protect their own data and applications, along with the virtualized guest OS on which those applications run. As Amazon puts it, the cloud vendor manages security of the cloud while the customer manages security in the cloud.
Moving data or applications from an on-prem environment to a public cloud isn't just a lift-and-shift job, especially when it comes to your security posture. These environments come with a unique set of security risks that organizations must actively manage. Top concerns include unauthorized access and misconfigured storage buckets that could inadvertently expose sensitive data.
As businesses rely more heavily on cloud infrastructure, their attack surface will grow—particularly through insecure APIs or remote access channels that could be exploited in real time. These vulnerabilities make it crucial to implement strong authentication, access controls, and continuous monitoring. And no matter how robust your defenses, a reliable mechanism for backups for public clouds is essential for ensuring resilience and recovery.
Protecting cloud resources requires a layered, proactive approach:
Start with robust identity and access management (IAM) to control who can access your cloud environment.
Cloud data will be moving across the internet and through virtual environments that you don't fully control, so your sensitive data should be encrypted both in transit and at rest to ensure confidentiality even if intercepted.
Real-time monitoring with automated threat detection tools can flag unusual activity before it escalates.
Multi-factor authentication (MFA) and strict security policies based on a zero trust model are essential for reducing unauthorized access.
These best practices will lay the foundation for a strong security posture in the areas of your cloud infrastructure that you're responsible for securing. The U.S. federal government's Cybersecurity and Infrastructure Security Agency offers information sheets on cloud security best practices with more information.
Public cloud environments are different from a private cloud environment, where the customer organization has access to cloud infrastructure that isn't shared with other customers or clients. This private cloud may be hosted locally or accessed over the internet. The different types of clouds have different security models:
The public cloud's shared infrastructure opens up a broader threat surface
You have more control over a private cloud infrastructure, but must also deal with higher costs and maintenance, as some of the security responsibilities and capex expenses are shifted to you from the cloud provider.
Hybrid approaches, in which enterprises deploy some workloads and data on a public cloud and some on a private cloud or in an on-prem datacenter, are becoming increasingly popular. For instance, an organization may choose to keep most of their data in-house but take advantage of public Azure backups to save on storage costs.
As businesses increasingly adopt public cloud solutions, robust security practices are paramount to protect sensitive data and critical workloads. By embracing best practices like IAM, encryption, monitoring, and zero trust principles, organizations can mitigate threats and bolster their defenses. Public cloud security requires a proactive approach and an understanding of shared responsibility—your cloud provider secures the infrastructure, but safeguarding your data and applications is in your hands. With the growing complexity of cyber threats, a solid security foundation ensures resilience and trust as you leverage the cloud's many benefits.