What is “The Cloud”? That depends on who you ask, and some of the answers are downright silly.
A recent Microsoft ad campaign featured a woman frustrated with her attempts to take a family picture with everyone cooperating simultaneously. “To the cloud!” was her solution. “Photoshop-as-a-Service”, perhaps?
Apparently, “The Cloud” means “Software”.
Then I wandered into a large electronics store, the sort of place where you can buy disk drives in OEM packages stacked on pallets, liquid cooling systems, and similar hardware. Browsing the storage aisles, I discovered that “The Cloud” means “External disk drive”, and is starting to mean “USB thumb drive”.
Apparently, “The Cloud” means “Storage media”.
If the marketing people insist that it means too many things simultaneously, it will mean nothing at all.
Simultaneously, the range of “as a service” offerings is expanding to the point that “XaaS”, referring to “some arbitrary X as a Service”, is becoming a commmonly used term.
“Security as a Service” or SecaaS has been around for a while, but it is broadly applied to a range of offerings in a way that leaves it ambiguous. Does it mean security for what everyone would agree was a cloud server? Or security monitoring of your in-house systems from some security provider “out in the cloud”? Or does it mean you have agent software installed on your in-house systems, and you monitor them from your in-house desktop but by going through a web portal out at some provider?
I always assume that I don’t really know what someone means when they say “Security as a Service”. I need to investigate carefully.
The big question for many people is, “Can The Cloud be secure?”
Maybe. What do you mean by “The Cloud” when you ask that?
If you mean people walking around with portable disk drives and USB thumb drives (and dropping them, and leaving them on the bus), then no, there’s nothing at all I can do for you and probably nothing you could do for yourself either with the most draconian policy statements and tedious user training.
But if you mean IaaS with your careful control, or PaaS or SaaS with the appropriate built-in or added cryptographic tools, then yes, we may have a chance of getting that to be acceptably secure. And of course this depends on exactly what you mean by “secure”. What are your requirements for confidentiality, integrity, and availability of your data, processing, and communication?
Learning Tree’s Cloud Computing Comprehensive Introduction course gives you a handle on the terminology, and then the Cloud Security Essentials discusses ways that some of the different cloud offerings could be secured.