Look Two Ways to Protect Your Cloud
Making sure your cloud is safe requires checking security in two places: in the cloud, and on your premises.
Cloud Security in the Cloud
Many concerns regarding cloud security can be addressed by investigating security in the cloud before you migrate to the cloud.
Investigate how your cloud provider handles:
- security of the premises. Physical security of the cloud can only be addressed by the cloud provider.
- insider and third-party risks. The cloud provider’s employees and contractors have access to your resources in the cloud, which presents insider threats. A major data breach at Capitol One was caused by a former Amazon Web Services employee.
- data destruction. Deleting data may not mean it’s gone, depending on how shared media is managed and how backups are handled. It’s important to understand how copies of your data are handled by the provider.
- shared resources. Shared servers and storage are the core of cloud, and there are many other shared resources as well. There can be risks that the boundaries between users of these shared resources can be breached. Cloud providers should be aware of these vulnerabilities and implementing patches to protect against them.
- vulnerabilities in cloud resources. The resources offered in the cloud are often insecure. Default settings may make resources public, rather than private. APIs may lack strong security. The preconfigured virtual machine images in the provider’s library or marketplace may have vulnerabilities.
- visibility and controls. Many of the vulnerabilities of cloud can be mitigated if you have good visibility that helps you understand how your cloud is being accessed, along with tools to help you ensure safe configurations.
Cloud Security on Your Premises
Within your own premises, you can improve cloud security and reduce risks by:
- training employees. All employees need ongoing training in safe computing practices, and especially in recognizing and avoiding phishing scams. The employees on your technology team need more intensive training on both cloud and security, so they can address them appropriately.
- recognizing inside threats. Employees can deliberately steal data in the cloud or accidentally expose it through use of shadow IT cloud resources. Consider using technology such as CASB (cloud access security broker) to place restrictions on access to cloud resources.
- governance and controls. The self-service aspect of cloud empowers employees but also creates risks that technology and data can be used in unknown, unapproved ways. It’s important to define policies that ensure employees know how they’re allowed to use cloud.
Make sure you look in both directions when implementing security in your cloud. Prescient Solutions implements comprehensive information security strategies that protect your data wherever it resides. Contact us to learn more about protecting your cloud.