Cloud Security: 10 Top Tips

Posted March 20, 2018 By Cynthia Harvey

    For organizations migrating to the cloud, security is the number one concern, but this expert advice can help keep enterprise data safe.

    1. Encrypt Data in Transit and at Rest

    Cybersecurity professionals say that encryption is probably the most important tool in the cloud security arsenal. In the Cloud Security Survey, 74 percent of respondents said data encryption was the most effective way to protect data in the cloud, and 64 percent said network encryption was among the most effective cloud security tools. In addition, 51 percent said that better data encryption would improve their confidence in public clouds.

    Experts say that in order for encryption to be effective, data must be encrypted both while it is being transmitted across networks and while it is at rest in storage. Organizations should use AES-256 encryption, and they should also store their encryption keys in an encrypted database with a master key that is updated on a regular basis.
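
    The key hierarchy described above, as an added Go example that is not from the article: a data key is stored only in wrapped (encrypted) form under a master key, and rotating the master key re-wraps the stored entry without re-encrypting the data itself. The function names and the choice of GCM mode are assumptions of this example; the article names only AES-256.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// must panics on setup failures: a bad key length or no secure randomness.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// gcm is AES-GCM under key (32 bytes selects AES-256); the mode is this example's choice.
func gcm(key []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }

// Wrap encrypts a data key under the master key and prepends the random nonce.
func Wrap(master, dataKey []byte) []byte {
	nonce := make([]byte, 12)
	must(rand.Read(nonce))
	return gcm(master).Seal(nonce, nonce, dataKey, nil)
}

// Unwrap fails if the master key is wrong or the stored entry was altered.
func Unwrap(master, wrapped []byte) ([]byte, error) {
	if len(wrapped) < 12 {
		return nil, fmt.Errorf("wrapped key is only %d bytes", len(wrapped))
	}
	return gcm(master).Open(nil, wrapped[:12], wrapped[12:], nil)
}

// Rewrap moves a stored entry to a new master key; data under the data key is untouched.
func Rewrap(oldMaster, newMaster, wrapped []byte) ([]byte, error) {
	dataKey, err := Unwrap(oldMaster, wrapped)
	if err != nil {
		return nil, err
	}
	return Wrap(newMaster, dataKey), nil
}

func main() {
	k := make([]byte, 96) // constructed keys: old master, new master, data key
	must(rand.Read(k))
	entry := must(Rewrap(k[:32], k[32:64], Wrap(k[:32], k[64:])))
	fmt.Println(Unwrap(k[:32], entry)) // the retired master key no longer opens the entry
}
```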

    2. Follow the 3-2-1 Rule for Backups

    Sometimes organizations get so used to thinking of the cloud as a backup mechanism that they forget that data stored in the cloud also needs to be backed up. Experts say that for cloud data, enterprises should follow the same 3-2-1 rule that applies to data stored locally. That is, enterprises should make three copies of each piece of data (one primary and two backups). The backups should be on two different devices or media, and at least one of those backups should be stored off-site. (Three copies, two devices, one offsite = 3-2-1.)

    Often, organizations that follow this rule within their data centers use a cloud backup service for their one off-site copy. But what happens when the primary version of the data resides in the cloud? In that case, enterprises should store at least one of their backups with a different provider. For instance, if you use Amazon S3 for primary storage, you could use Amazon Glacier to store one backup, and Microsoft Azure Backup for the other. And don't forget that software as a service (SaaS) data needs backups as well.
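
    The 3-2-1 rule above, including the different-provider requirement for data whose primary copy lives in the cloud, written as a check over a backup inventory. This Go code is an added example, not from the article; the `Copy` type, `Check321`, the "on-prem" marker and the inventory values are constructed for illustration.

```go
package main

import "fmt"

// Copy is one stored copy of a data set (constructed model, not a provider API).
type Copy struct {
	Provider string // "aws", "azure", ... or "on-prem"
	Medium   string // service or device holding the copy
	Offsite  bool   // kept at a different site than the primary
}

// Check321 lists the 3-2-1 violations for a primary copy and its backups,
// including the rule that a cloud primary needs a backup with another provider.
func Check321(primary Copy, backups []Copy) []string {
	media := map[string]bool{}
	offsite, otherProvider := 0, 0
	for _, b := range backups {
		media[b.Medium] = true
		if b.Offsite {
			offsite++
		}
		if b.Provider != primary.Provider {
			otherProvider++
		}
	}
	var problems []string
	add := func(bad bool, msg string) {
		if bad {
			problems = append(problems, msg)
		}
	}
	add(len(backups) < 2, "fewer than two backups")
	add(len(media) < 2, "backups share one device or medium")
	add(offsite < 1, "no off-site backup")
	add(primary.Provider != "on-prem" && otherProvider < 1,
		"cloud primary, but no backup with a different provider")
	return problems
}

func main() {
	// Constructed inventory mirroring the article's S3 / Glacier / Azure Backup example.
	s3 := Copy{Provider: "aws", Medium: "s3"}
	good := []Copy{{"aws", "glacier", true}, {"azure", "azure-backup", true}}
	bad := []Copy{{"aws", "glacier", true}, {"aws", "s3-replica", true}}
	fmt.Println("S3 + Glacier + Azure Backup:", Check321(s3, good))
	fmt.Println("everything in AWS:", Check321(s3, bad))
}
```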

    3. Double-Check Your Compliance Needs

    Depending on your industry and your geographic location, any cloud providers you use may need to meet some cybersecurity requirements. In many cases, the vendors have achieved certifications like PCI DSS or SOC 2 that confirm that they have met certain standards. And even if you aren't required by law to use cloud vendors that meet these standards, you might want to look for certifications as a way to assure security for your own peace of mind.

    In the Crowd Research Partners survey, 36 percent of cybersecurity professionals said compliance was their biggest cloud security headache.

    4. Enable Multi-Factor Authentication

    Part of the appeal of cloud services is that users can access them from anywhere, on any device, at any time. But that easy access also adds a level of risk because IT security teams can't tell if traffic from particular devices or particular locations is trustworthy or not. That's probably why 61 percent of cybersecurity experts surveyed for the Cloud Security Report identified unauthorized access as the number one threat to cloud computing services.

    In the cloud, usernames and passwords are simply not enough to protect sensitive data. Experts recommend that enterprises require multi-factor authentication for cloud services, as a way to make unauthorized access less likely.

    5. Investigate Software-Defined-Perimeter Technology

    Traditionally, organizations have protected the perimeter of their corporate networks with firewalls, and they assumed that all the traffic within the network was trusted. But that model no longer works in the cloud because users are regularly reaching beyond the edge of the network.

    One solution to this problem is a software-defined perimeter. This new approach hides infrastructure from attacks and essentially establishes a new network perimeter around each user. The technology hasn't been widely adopted yet, but Gartner has predicted, “By 2021, 60 percent of enterprises will phase out network VPNs for digital business communications in favor of software-defined perimeters, up from less than 1% in 2016.”

    6. Deploy a Next-Generation Firewall

    Another approach to solving the problem of perimeter-less networks is to use a new kind of firewall known as a next-generation firewall or virtual firewall. While the characteristics of these products vary from vendor to vendor, in general, they can extend the corporate firewall around infrastructure as a service (IaaS) and platform as a service (PaaS) virtual machines.

    However, experts caution that next-generation firewalls alone aren't enough to protect a company's cloud servers. Instead, organizations should use them as one part of a multi-layered cloud security strategy.

    7. Use Automation Where Possible

    Trends like DevOps, DevSecOps, artificial intelligence and machine learning are all driving an increasing interest in automation. As attacks proliferate and threats evolve rapidly, many organizations find that their old manual processes can no longer keep up. In response, security vendors are incorporating more automation capabilities into their products. These tools make it easier to ensure that cloud instances are compliant with security policies and that the same configurations are being used throughout hybrid and multi-cloud environments.

    8. Test Your Security

    The only way to know if a cloud service is secure is to put it to a test. Enterprises need to make sure that their SaaS vendors are conducting penetration and vulnerability testing on a regular basis, and organizations should run their own penetration testing on applications running on IaaS or PaaS services.

    In the Cloud Security survey, testing was the most popular method that cybersecurity professionals were using to protect business applications. Among those surveyed, 60 percent said they used penetration testing, and 43 percent used static or dynamic testing.

    9. Plan Ahead for a Breach

    Security experts say that for most organizations, experiencing a breach isn't a matter of if, but a matter of when. According to research conducted by the Ponemon Institute, the average cost of a data breach is $141 per lost or stolen record. If organizations can detect and thwart or mitigate attacks early on, they can reduce the size of a breach and minimize their costs and the damage to their reputation. Organizations should plan ahead for the eventuality of a cloud security breach and decide how they will respond to attacks in progress.

    10. Train Your Employees

    The greatest cloud security technology in the world can't protect your data if your employees choose to do stupid things. A key part of any security strategy is to train users to avoid risky behaviors like sharing accounts, saving cloud login information on mobile devices or choosing easy-to-guess passwords. IT should also educate managers about the need to make sure employees have access to only the cloud-based data and applications they actually need to do their jobs. When attacks on cloud-based applications or data succeed, it's often because an insider either was involved or inadvertently helped the attackers.

When surveys ask enterprise IT leaders about their biggest concerns related to cloud computing, security consistently tops the list. For example, in the RightScale 2018 State of the Cloud Report, 77 percent of the technical professionals polled said cloud security was a challenge, with 29 percent saying it was a significant challenge.

Similarly, a Crowd Research Partners Cloud Security Survey of cybersecurity professionals found that 81 percent of organizations were concerned about cloud security, with 15 percent extremely concerned and 31 percent very concerned. In addition, security risks were the number one barrier to cloud adoption, cited by 33 percent of respondents.

When asked about their specific cloud security concerns, 57 percent said they were worried about data loss or leakage, while 49 percent pointed to data privacy as a challenge and 47 percent said confidentiality was an issue.

Part of the problem is that many legacy security tools and approaches don't translate to the cloud. In fact, in the Crowd Research survey, 78 percent of cybersecurity professionals said that their traditional security solutions either don't work in the cloud or have limited functionality. That means enterprises need new technology, policies and processes to keep their cloud data and applications safe.

So what should organizations be doing to improve cloud security?

Experts recommend the following ten tips.
