Cloud Security vs. Cloud Access Security

Difference Between Cloud Security and Cloud Access Security

The security of cloud also known as cloud-computing security is a kind of computer security or network security within a broader category of information security. The Cloud security is responsible for all controls, policies or security measures built for protecting data, applications and infrastructure especially in the clouds. On the other hand, Cloud access security, is a sub-topic of cloud security, dealing with where the data is located and who is accessing it. Mostly, it provides a management system to identify the users of the cloud.

Cloud Security

Cloud security is an emerging sub division of network security, which deals with the establishment of security measures for the cloud content, by different policies, controls and infrastructure. However, the cloud security is unrelated to measures of cloud-based security applications such as antivirus or cloud-based management software. The security of the cloud is dependent on the concerns faced by the provider and by the client of the cloud. Cloud providers deliver infrastructure, software and the platform as services to customers of cloud. It is the responsibility of the cloud providers to ensure that applications and customer data are protected, while it is the customer’s duty to ensure that the service provider has taken steps to protect the information.

The issues of security of cloud are divided into three main categories, namely, Security and Privacy, Legal issues and Compliance. To maintain security and privacy of the data, several measures are applied. These include, data protection mechanisms, security measures at the application level, security features at a personal and physical level, data masking mechanisms and guarantee mechanisms. To maintain the acquiescence, service providers must follow many regulations on the retention of data such as PCI DSS (Payment Card Industry Data Security Standard), Sarbanes-Oxley Act and the HIPAA (Health Insurance Portability and Accountability Act). These regulations require regular audits. Whenever there are legal and contractual problems, there should be proper agreements between providers and clients on intellectual property, liability and the conditions of end-of-service.

Cloud Security Approach

Cloud access security is a part of cloud security. It regulates how much data can be allowed to be accessed and by which customer. Access security approach is an important factor in the private cloud.  It is even more important in public clouds where multiple providers provide service together. In every cloud, there must be Identity management Systems. These systems may be the Identity Management System of the client integrated into the cloud, making use of single sign-on or federation. Or, these can be systems provided by the service providers themselves. If the sign Simple – the technology is used between different SaaS (‘software as a service’) providers, so the user can use the same set of the ID to connect to all systems. Federation technology regulates the mechanisms to coordinate identities of users through various systems. In order to ensure that the service provider’s administrators do not abuse their access rights, customers can install event log monitoring tools. These tools can alert the customer when there are inconsistencies in the logging in times or patterns in the provider’s administrators.

What is the difference between Cloud access security and Cloud security:

Cloud is one particular aspect of computer security, which protects the content of the cloud by making use of different policies, controls and infrastructure. The security of the cloud has many aspects and cloud access security is one of its significant dimensions. Cloud access security protects cloud content by creating secure access mechanisms. These mechanisms decide who can access the cloud and when. Maintaining the security of cloud access is most important to maintain the security of cloud. This eliminates the chances of unauthorized users getting access to the data in the cloud and thereby compromising the security of the data stored in the cloud.


Category: VS  |  Tags: