As businesses adopt cloud computing at an increasing pace, they realize the benefits of on-demand, scalable infrastructure. They also find themselves needing to support shared security models and deferring some security responsibilities, such as managing data center physical device security. Cloud providers offer a range of security controls to help protect the confidentiality, integrity, and availability of their infrastructure. These controls alone are not sufficient to address attacks that target customer applications, services, configurations, identity access management, compute resources, or subscriber data. Customers are still responsible for enhancing the overall level of security protections by deploying security controls to in their cloud infrastructure that identifies when attack prevention solutions fail, policy violations occur, or controls are not performing reliably. This strategy includes adding a layer of detection within the cloud environment for threat visibility and early detection.
This paper provides an overview of cloud security controls and best practices, with particular emphasis on the responsibilities of customers, assessing controls and practices, and their limitations.
It discusses deception technology, and how it complements other security controls and measures, especially with regards to protecting cloud-specific technologies and resources.