Explained: cloud-delivered security

Explained: cloud-delivered security

As a counterpart to security for your assets in the cloud, you may also run into solutions that offer security from the cloud. These solutions are generally referred to as cloud-delivered security. Cloud-delivered security is sometimes called security-as-a-service which we will avoid here as it might be confused with the more generally used term Software-as-a-Service (SaaS).

Types of cloud-delivered security

It is not hard to imagine several types of cloud-delivered security:

  • Definitions or rules for detection are in the cloud
  • Security controls and logs for systems that in multiple places are located in the cloud
  • Suspicious files that are not recognized are uploaded to the cloud for closer inspection
  • The security applications run completely or partially in the cloud and check on the security health of the physical systems

With detection criteria in the cloud there is only one update needed for new definitions and not for every individual system.

Controls and logs in the cloud enable security management to be the spider in the web from virtually anywhere.

The closer inspection of the suspicious file can be done by the security provider themselves or use a more general resource like VirusTotal.

Using containerization, security applications can be shared amongst different systems, even if they are running a different operating system.

Models of cloud-delivered security

Besides these different types, there are also three basic cloud delivery models:

  • Software as a Service (SaaS)
  • Platform as a Service (PaaS)
  • Infrastructure as a Service (IaaS)

SaaS clients use applications supplied by a service provider. SaaS does not allow or require any control of the cloud platform or the infrastructure. This can be beneficial to some organizations while others would like at least some control.

PaaS users can deploy consumer-created or acquired applications using programming languages and tools supported by the provider’s content policies. This both limits the choices but it also enhances security.

IaaS is interesting for more sophisticated and demanding users as it allows them to deploy and run arbitrary software. This could apply to both operating systems and applications.

The main difference for these three delivery models is the internal organization of the cloud infrastructure. For the user this mainly results in a degree of freedom in how to use the infrastructure.

Cloud-enabled architecture

A cloud-enabled architecture is by definition built in the cloud and delivered as a service. This means it provides a platform that you can easily deploy, and it will help you minimize the need for costly appliances and backhauling.

Even more than when you are starting to use cloud enabled architecture, moving existing critical capabilities such as endpoint security into the cloud requires careful consideration of a wide range of privacy and security assurances. But sometimes the choice between the two isn’t one that is available. Circumstances do not always allow for the easy path of stepping into a readily prepared platform.

SaaS-based, cloud-enabled architecture should provide customers with a system that can be operational in minutes and requires no on-premise infrastructure. It may combine multiple security functions into one solution, so you can extend protection to devices, remote users, and distributed locations anywhere.

Integrated cloud security service benefits:

  • Flexible security protection on and off network
  • Consistent policies across remote locations
  • Easier to scale on a subscription-based model

Benefits of cloud-delivered security

There are several benefits of cloud-delivered security:

  • The protection will benefit all cloud resources and the SaaS applications
  • It makes it easier to get insight into mobile users, application usage, and overall traffic
  • Enhancement of management efficiency because it can be centralized and done with minimal effort
  • Significant improvement in discovered malware incidents and attempted breaches
  • As a result, a reduction of security related downtime
  • Ease of gathering sufficient audit evidence

What to look for in cloud-delivered security

There are several aspects organizations may be looking for in a cloud security solution. These can vary by type of organization and their priorities. In no particular order these may be:

  • Assistance from security vendors
  • Cloud administration and management
  • Scalability and cost efficiency
  • Protect all critical infrastructure
  • Extra features

Security should work for the organization and not the other way around. Security vendors are expected to assume a stronger, more active role in managing and helping the client to maintain the protection of their systems and network(s). Cloud-delivered security allows the organization to focus on their business and abandon or reduce the do-it-yourself security approach.

For businesses looking to simplify their security management through the elimination of hardware, reduced administration, and centralized management, the cloud is the most viable option. And it allows the vendor or a provider to perform remote administration and management.

Cloud-delivered services can dynamically grow and shrink based on the needs of the organization and you only pay for what you need based on usage. Moreover, it can also be less expensive to acquire since they are usually sold on a subscription basis, where payments are spread out over time.

To optimize the use of assistance, centralized management, and scalability, a cloud-delivered security solution should be designed to protect all critical infrastructure, applications, and data delivered as-a-service.

Usually organizations can add extra services or features to the security solution, which can include, for example, identity management, email security, and other features.

Possible drawbacks of cloud-delivered security

Some organizations may shy away from cloud-delivered security for various reasons.

Organizations may feel they have less control over the functionality of the security solution, which is not always justified as it will depend on the chosen model. And most of the times you will still be able to file feature requests with the vendor and work them out.

Organizations may have doubts about the privacy of the delivered technology and storage of logs in the cloud. But if you can’t trust your security vendor there is a worse problem that needs to be solved first.

Further, data residency can lead to compliance issues for some organizations in some countries. This absolutely should be researched before onboarding with a vendor. It would be a shame to engage in an onboarding process only to find out that there will be compliance issues.

Smaller businesses and cloud-delivered security

Smaller businesses can still profit from cloud-delivered security by acquiring it from a Managed Services Provider (MSP). Security vendors will provide MSPs with a cloud management console where they can keep an eye on all their customers. This enables the MSP to protect, monitor and remediate against security threats.

Stay safe everyone!


Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.