Secure Data in the Cloud
Executive summary
As organizations move more of their data into cloud environments, the prevention of
unauthorized access to that data is extremely important. Data stored in the cloud can
take many forms depending on the needs of the organization. For these reasons,
organizations must understand the sensitivity of the data they store in the cloud, select
the appropriate storage services, and apply pragmatic security methods to properly
protect their data. The purpose of this cybersecurity information sheet is to provide an
overview of what cloud storage is and common practices for properly securing and
auditing cloud storage systems.
Cloud data types
The three main types of data storage that cloud service providers (CSPs) offer are:
File, which stores data in a folder-based structure and allows for user access
via protocols like Network File System (NFS) or Server Message Block (SMB).
Object, which stores data objects in a key-value data store. Users can access
these objects by interacting with the Object storage application programming
interface (API).
Block, which is typically used by cloud compute resources that need large
amounts of hard drive space, with speeds and sizes spanning Nonvolatile Memory
Express (NVMe), Solid State Drive (SSD), and Hard Disk Drive (HDD) options.
[1], [2], [3]
File, Object, and Block storage systems are not only standalone systems, but are also
used as the building blocks for cloud-specific platform as a service (PaaS) and software
as a service (SaaS) offerings. PaaS instances are on-demand, comprehensive
platforms used for deploying custom software in the cloud. SaaS instances are ready-
to-use software, such as email, collaboration, or file sharing applications. Typically,
when provisioning PaaS and SaaS offerings, the storage system is not hidden within the
service, but instead is directly available and is managed alongside the PaaS or SaaS
system.