Securing the Cloud


The freedom of access – to anything, anytime and anywhere – is the strength and peril of the cloud.  While the cloud empowers accessibility, its ubiquitous nature can also undermine security.  The same avenues that give us access to information we want and need also open ways for hackers and malicious actors to reach us. But there is a silver lining. Because the cloud is always on, it’s possible to continuously monitor and secure it. The key is knowing when, where, and how to engage the right security techniques and practices. Here are a few of the most effective ways we’ve found to secure the cloud:

1. Plan how the cloud fits in your architecture

Good security starts from the ground up. A strong first move is defining how the cloud fits in your enterprise and network architecture. Have a plan for where and how the cloud will be used, applying the same segmentation and abstraction principles you apply to your network. If something doesn’t need to interact with the cloud, then don’t let it. Isolate and break away elements that shouldn’t see one another. When you must allow access, abstract away what needs to interact with other areas, yet make sure visibility is constrained. The core concept here is control through least-privilege access. Only give access when it’s needed and for as long as it is needed.

2. Keep data in the cloud organized

Organization goes a long way. Like a clean house, your cloud space should be neat and easy to maintain. Malware loves to hide in clutter as much as bacteria like to lurk in a dirty house. Don’t let your cloud become a dumping ground for everything. Setting good organization policies is a good start, but make sure you strictly enforce these policies and clean up regularly to keep clutter in check.

3. Monitor and audit regularly

Once the basics are established, monitor aggressively and audit often. Keeping a watchful eye on your cloud environment enables you to respond rapidly and quickly resolve any issues that crop up. Typically, existing security tools can monitor cloud spaces just as easily as they can physical assets, so you don’t have to implement new infrastructure to monitor your cloud environment.

However, auditing may require more than existing tools. Scans can catch things that are missed during the monitoring process, but they often fall short of catching everything you need to catch. Build strong processes to identify leaks, unsecured access and poor processes. Some of that will be driven by tools you buy, but other parts will require you to engage outside services or build the capability in house.

4. Secure your APIs and access credentials

APIs provide wonderful capability, but they need as much security as the data they provide. Credentials equally so. Many high-profile breaches have occurred because of poorly secured API access and leaked credentials. Don’t be the next sad victim in the news. Make sure APIs are secure and credentials are locked down.

The freedom and cost savings that the cloud delivers are a tremendous advantage for businesses, often leveling the playing field for smaller organizations. As long as security is a core consideration of your cloud deployment, you can enjoy all of the cloud’s benefits without sacrificing the security of your organization.

About the author

Monty St John

Monty is a security professional with more than two decades of experience in threat intelligence, digital forensics, malware analytics, quality services, software engineering, development, IT/informatics, project management and training. He is an ISO 17025 laboratory auditor and assessor, reviewing and auditing 40+ laboratories. Monty is also a game designer and publisher who has authored more than 24 products and 35 editorial works.