The cloud has become a mainstay for many businesses and governments, and the shift is still growing at a very fast pace. The darker side of the cloud is that customers do not fully own or control the underlying infrastructure, which by its nature makes cloud workloads susceptible to cybercrime.
In a recent report from Symantec, a 200 percent increase in supply chain attacks of cloud infrastructures was observed in 2017. The figure is expected to be higher in 2018.
The Cloud Security Challenge:
In an attempt to provide extra security for cloud data, many cloud service providers (CSPs), have launched extensive cloud security technologies. Google has announced ‘shielded VMs’ to prevent hostile attacks. Even with these security technologies in place, however, users still have a large role to play in keeping their data safe.
Security in the cloud differs from on-premises security and is more complex because of the many rules that must be implemented and the security issues that arise, such as failure to encrypt data. Access to cloud servers should be defined on a point-to-point basis: access to data should be restricted to what each individual, whether management or staff, actually requires, and those requirements should be clearly defined.
Securing Your Data on the Cloud:
The main objective of cloud security is to keep data secure, sharing the responsibility between the provider and the client. Here are some good practices that can be implemented to leverage the benefits of cloud services.
1. Encryption of Data
- End-to-end encryption of data in transit
For high-security processes, where the data is highly confidential, all interactions with servers should happen over a secure socket layer (SSL) transmission. To ensure end-to-end encryption of the data, the SSL connection should terminate within the CSP’s network. Comprehensive encryption, when performed at the file level, makes cloud security stronger. All data should be encrypted before being uploaded to the cloud.
- Encryption of data when at rest
Even when data is at rest, encryption should be enabled. This helps in complying with regulatory requirements, privacy policies, and contractual obligations related to confidential data. Before registering with your CSP, security policies should be verified with an auditor. AES-256 is the standard choice for encrypting data in the cloud, and the data-encryption keys themselves should be encrypted (wrapped) with master keys that are rotated. Field-level encryption will also help keep the data secure.
2. Robust and Continuous Vulnerability Testing and Incident Response
A good CSP contract includes regular vulnerability assessment and incident response tools that extend to devices and networks. Incident response tooling can also drive automated security assessments that probe for system weaknesses. CSPs should be able to perform scans on demand.
3. End-user Device Security
Securing cloud-connected end-user devices is an often-overlooked component of a well-rounded security program. When utilizing infrastructure-as-a-service (IaaS) or platform-as-a-service (PaaS) models, deploying firewall solutions on your end devices to protect the network perimeter is very important.
4. A Private Cloud and Network are Best
A private cloud environment, where you have complete control over access to your data, is preferable to a multi-tenant instance. Also, opt for cloud storage or software-as-a-service (SaaS) which belongs to only you and is not shared with others. These personal clouds are called virtual private clouds (VPCs), and all traffic to and from these VPCs can be routed to the corporate data center. This can be done through an internet protocol security (IPsec) hardware VPN connection.
5. Compliance Certifications
The two most important certifications that you should consider are SOC 2 Type II and PCI DSS.
SOC 2 Type II is a type of regulatory report that defines the internal controls of how a company should safeguard its customer data and operational controls. SOC 2 deals with regulatory compliance, internal risk management processes, and vendor management programs. It confirms that a cloud service has robust management, as it is specifically designed to ensure higher standards of data security.
PCI DSS stands for Payment Card Industry Data Security Standard and is important to organizations that deal with credit card transactions. Meeting this standard helps keep cardholder data safe from fraud. It ensures that sensitive data stored in a cloud is processed and transmitted in a secure manner. It impacts security policies, procedures, software design, network architecture, and various protective measures.
Leading public cloud providers like Microsoft and Amazon offer proprietary credential management tools to provide legitimate access and keep intruders away from sensitive data. Having sophisticated tools can help ensure the security of your data in the cloud.
Defense is a matter of strict design principles and security policies spread across various departments. By implementing the above key guidelines as part of your cloud strategy, you are on your way to securing your data in the cloud.