Cloud Security Control

What Does Cloud Security Control Mean?

A cloud security control is a set of directives that protects the confidentiality, integrity and availability (CIA) of digital information in a public, private or hybrid cloud architecture.

Techopedia Explains Cloud Security Control

The Cloud Security Alliance (CSA) has created a matrix designed to help prospective cloud customers evaluate how much effort, time and money a particular provider puts on security. The Cloud Control Matrix addresses deterrent controls, preventive controls, detective controls and corrective controls.

Preventative controls are used to strengthen and protect the provider's infrastructure from known vulnerabilities in the cloud. To protect data in use, for example, the Confidential Computing Consortium recommends a hardware-based approach to cybersecurity that allows data to stay encrypted while it is being processed in memory. This approach, which is called confidential computing, provides an additional layer of security for organizations that process sensitive or regulated data in the cloud.

Detective controls are used to identify an attack as it occurs and limit its impact. This type of control includes log management, log analysis and automated alerts. Honeypots and intrusion detection systems (IDSes) both support detective controls.

Corrective controls are used to reverse the impact of an incident after it has occurred and minimize operational and reputational risk. This type of control supports measures taken to restore resources and repair damage.

Security controls can also be classified as either being operational, management or physical. Physical controls include the use of security tokens, while management controls can prevent users from being able to connect to the network with thumb drives.

Operational controls combine physical controls with management controls to create policy that details and enforces what type of cyber activity is permitted and/or prohibited.