Cloud infrastructure security, as the name implies, involves the protection of assets based in the cloud. Rather than existing as one of the distinct levels of infrastructure security outlined above, cloud infrastructure security spans a multitude of security levels, including the network, application and data levels. Only the physical security level, by definition, is exempted.
Cloud infrastructure security can be complex because many organizations fail to properly understand where the provider’s responsibility ends and their own begins. Many cloud providers are responsible for security “of” the cloud, meaning that they must ensure the cloud infrastructure itself, which includes the storage, compute and network layers, is inherently secure and reliable. Cloud providers outline these responsibilities in great detail in their terms of service, yet these environments are so nebulous that confusion about who is responsible for what often persists, especially when an attack is detected.
While responsibilities vary from one provider to another, the customer is always responsible for a number of cloud security tasks, including user management and access control, data encryption in the cloud, proper configuration of vendor-provided security tools, and adherence to relevant privacy laws.
With the rapid growth of the cloud, cloud security is of critical importance, largely due to the rise in attacks against cloud infrastructure. But securing cloud infrastructure is difficult for many reasons: a larger attack surface, a lack of complete visibility into how cloud services operate at runtime, the dynamic and often temporary nature of cloud-based workloads, and the general complexity of a cloud environment, particularly when multiple cloud services are involved.