Cloud computing offers unprecendented convenience, not to mention scalability and cost efficiencies. Yet, it’s incredibly important that organizations ensure they don’t sacrifice security for the benefits of cloud applications, servers and networks. While securing the cloud can be a multi-faceted prospect, there are five main things to keep in mind as you defend your cloud resources against cyber threats.
1. Vet Your Cloud Service Providers and Choose Wisely
The number of cloud service providers can be overwhelming, and each offers a different set of services ranging from temporary public data storage to a comprehensive data storage and processing solution with built-in security monitoring and controls. When selecting a cloud-based solution for business data management, choose a reputable cloud service provider with a good security track record. Look into the available features and services, service level agreements, and any reviews or recommendations from other customers to ensure you’re getting a service provider aligned with your organization and your goals. Inquire about their security practices and make sure they are in compliance with any regulations that apply to your business.
2. Take the Time to Create a Risk Mitigation Plan
Not all data belongs on the cloud. While it can be tempting to take advantage of the cloud’s convenience and benefits across every part of your business, be realistic about the information that requires additional security measures.
Before uploading data, it’s important to consider “why” you need it uploaded and the potential risks associated with its exposure. Not all data is created equal, and inappropriately using the cloud for storage of sensitive information may put you on the wrong side of data protection policies, laws or regulations. Before uploading data, perform a data classification and risk assessment. Your organization should have a data classification framework detailing risks associated with different types of data and the essential protections for each data type. If the cloud-based storage solution does not provide protection strong enough to protect your most valuabe and sensitive data, then simply don’t upload there.
3. Implement the Right Data Security Controls
A common mistake organizations make is failing to assign the right security controls for the data they are storing in the cloud. Providers offer a range of protection levels and it’s important to choose and implement the appropriate level for the information being stored or processed.
For example, Amazon Web Services (AWS) is a common provider of cloud-based solutions. One of their available products is AWS S3, cloud-based data storage. S3 has two main levels of security: private and public. S3’s private mode means access is by invitation only. Before someone can access data in the S3 bucket, they must provide a valid set of credentials to demonstrate they are authorized to access the account. The private mode is the appropriate setting for S3 buckets for business use cases; however, lack of knowledge and desire to avoid the overhead of properly implementing security controls leads users to set the security settings to public instead.
In public mode, the data stored in the S3 bucket is viewable to anyone familiar with the URL of the S3 bucket. Since it’s possible to search for S3 bucket URLs, this means you’re giving access to anyone who decides to go looking for it. This can be particularly devastating for highly sensitive records including the military and election data.
Once you’ve picked a cloud-based solution and configured your business needs, they should be included in any threat hunting exercises performed. Regularly run assessments to identify exploitable vulnerabilities in cybersecurity defenses, and, if you store or process data on the cloud, these solutions should be part of the tested infrastructure.
4. Secure Cloud Login Credentials
Stolen credentials are among the most common tactics cyber criminals use to breach data, install malware or ransomware and infiltrate networks and systems. Make sure you have a strong credential management solution in place to defend against unauthorized access. If an authorized user’s credentials are compromised, the chances increase that data is accessed, stolen, and breached – or even put up for sale on the Dark Net.
Depending on the sensitivity of the revealed data, this could have significant legal impacts on your organization. Implement a system to securely manage and monitor user credentials to ensure your data security in cloud computing.
Additionally, it’s vital to be aware of the loss of credentials as soon as possible to minimize the negative impact on cloud computing security. Credential monitoring helps determine if your credentials have been exposed in a data breach or are for sale on the Dark Net. Issuing smartcards or other physical tokens to users with cloud access decreases the potential for unauthorized users to access your sensitive information.
5. Know Data Protection Responsibilities
When implementing a cloud-based solution, it is crucial to know the breakdown in data security in cloud computing responsibilities.
Depending on the type of cloud-based solution you are using (i.e. Software-as-a-Service vs. Platform-as-a-Service, etc.), the security of different levels of the solution (operating system, data, programs, etc.) may be your responsibility or that of your Cloud Service Provider.
Another information source, regarding relative security responsibilities, is the terms of your agreement with the cloud service provider. This helps facilitate certain responsibilities to both parties and ensures that nothing falls through the cracks.
Lastly, laws and regulations may define your organizational responsibility for the security of safe data. For example, the EU’s General Data Privacy Regulation (GDPR) lays out explicit responsibilities for data owners, controllers, and processors. Knowing the applicable regulations and implementing appropriate protections is crucial for cloud security.
Taking Advantage of Cloud Benefits Securely
Cloud computing offers organizations many solid advantages; however, an essential aspect of setting up this environment is implementing quality security controls. If you are considering a move to the cloud or have an existing cloud-based solution, these five tips can help you ensure your data is protected.
About the author
Contact CyberDefenses to speak with us about defending your organization against cyber threats.