Don’t Make Mistakes That Leave Data in the Cloud Vulnerable
One of the biggest causes of cloud security breaches is system misconfiguration. This is often the result of accepting default settings that make data and systems public instead of private. Behind that often lies a common misunderstanding: that the cloud provider is responsible for data security. That mistaken belief is dangerous: Gartner has estimated that over the next several years, 99% of cloud security failures will be the customer’s fault. What can businesses do to make sure they don’t make those kinds of mistakes?
1. Understand your cloud security responsibilities.
The bottom line is that your systems and data are always your responsibility, but in some cloud usage models, you have less control than in others. Once you understand what your cloud provider will do, you can focus your efforts on what they won’t do. In addition, you should continue to use a layered security model and defense in depth to protect your assets, including those in the cloud.
2. Understand your cloud technology.
One of the biggest difficulties with the cloud is that it’s still unfamiliar to many businesses. In addition, multicloud means that businesses need to understand the security structure of multiple environments, which may require hiring outside experts. Another problem is that cloud technology is not static: the security of the tools you use can change. Additionally, cloud providers offer many free trials of services, allowing technology and business teams to experiment with technology before it has been assessed by the security organization. Businesses need to track changes in their clouds to identify new services so they can be reviewed for appropriate security settings.
3. Protect data by encrypting it.
Leaving data public is a mistake, but the consequences are minimized if the data can’t be read. All data stored in the cloud should be encrypted. Whenever possible, the business and not the cloud provider should manage the encryption keys.
4. Focus on visibility.
Another way to minimize the impact of misconfigurations is to detect and correct them as quickly as possible. Visibility in the cloud can be challenging, but there are many tools that offer insight. Cloud providers often have tools that scan your cloud infrastructure for vulnerabilities as well as tools that offer best practices to ensure systems are secured. Build a process for reviewing cloud logs and responding to alerts.
5. Build security reviews into your processes.
Security will never be effective if it’s an afterthought. Design reviews, testing, and deployment plans should all address security considerations. By addressing security concerns at every step of development, you reduce the risk of overlooking a damaging mistake. Also, recognize that because things change, you need to review the settings for all your cloud infrastructure periodically to ensure that no new risks have been introduced.
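As an added illustration of points 2 through 5 (not code from the original article), the sketch below audits an inventory snapshot for public access, missing encryption, provider-managed keys and services that security has not reviewed, and reports what changed since the last review. The inventory schema, resource names and service names are constructed for the example and do not match any provider's export format.

```python
# Constructed inventory snapshots in a hypothetical, provider-neutral schema.
LAST_REVIEW = [
    {"id": "bucket-logs", "service": "object-storage", "public": False,
     "encryption": {"enabled": True, "key_owner": "customer"}},
    {"id": "bucket-exports", "service": "object-storage", "public": False,
     "encryption": {"enabled": True, "key_owner": "provider"}},
    {"id": "db-orders", "service": "managed-db", "public": False,
     "encryption": {"enabled": False}},
]
TODAY = [
    LAST_REVIEW[0],
    # "public" is no longer set explicitly, so the default applies
    {"id": "bucket-exports", "service": "object-storage",
     "encryption": {"enabled": True, "key_owner": "provider"}},
    LAST_REVIEW[2],
    # started as a free trial, never assessed by the security team
    {"id": "trial-ml-1", "service": "ml-notebook-trial", "public": True,
     "encryption": {"enabled": True, "key_owner": "customer"}},
]
REVIEWED_SERVICES = {"object-storage", "managed-db"}


def audit(resources, reviewed_services):
    """Return (resource id, finding) pairs for risky settings."""
    findings = []
    for r in resources:
        # A missing setting is treated as public: defaults are not assumed safe.
        if r.get("public", True):
            findings.append((r["id"], "PUBLIC_ACCESS"))
        enc = r.get("encryption") or {}
        if not enc.get("enabled", False):
            findings.append((r["id"], "UNENCRYPTED"))
        elif enc.get("key_owner") != "customer":
            findings.append((r["id"], "PROVIDER_MANAGED_KEY"))
        if r["service"] not in reviewed_services:
            findings.append((r["id"], "UNREVIEWED_SERVICE"))
    return findings


def drift(previous, current):
    """Ids of resources that are new or changed since the last review."""
    prev = {r["id"]: r for r in previous}
    return sorted(r["id"] for r in current if prev.get(r["id"]) != r)


if __name__ == "__main__":
    print("changed since last review:", drift(LAST_REVIEW, TODAY))
    for rid, finding in audit(TODAY, REVIEWED_SERVICES):
        print(f"{rid}: {finding}")
```

Running the drift check first narrows a periodic review to the resources that actually changed, while the full audit still catches long-standing issues such as the unencrypted database.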