Cloud Security Best Practices
While public cloud providers dedicate extensive efforts to security, customers retain responsibility for how they use those services, including the data that is stored in them, and how it is shared and accessed.
Unfortunately, most cloud customers are failing to adequately execute their shared responsibility for security. Gartner predicts that, through 2025, at least 99% of cloud failures will be the customer’s fault. A September 2019 McAfee survey of 1,000 enterprises in 11 countries finds that, in most cases, a successful breach “is an opportunistic attack on data left open by errors in how the cloud environment was configured.” The fact is that most attackers aren’t sophisticated. Instead, they opportunistically exploit simple mistakes. This is good news. Simply being more fastidious in how your workloads are configured can substantially reduce your risk of breaches.
Tips to Properly Execute Cloud Security: Gain Complete Visibility
Cloud security implementation can be segmented into the following four categories, all of which enforce one another:
Components of cloud security are highly interconnected. Weaknesses in one area can reverberate in others.
Visibility and End-to-End Context are Vital
It’s important to understand how resources should behave so you can observe when that behavior deviates. This requires a complete picture of your environment and context around all your cloud log and event data, so you know what to expect, and can more effectively detect and visualize threats.
Visibility also requires context in order to be useful. It can be nearly impossible to discern useful info from mountains of data logging cloud events. Look for cloud security solutions with consolidated dashboards that provide insights and intelligence needed to not only identify threats, but act in a timely manner.
Trust but Verify
Legacy security infrastructures are based on the outdated assumption that anything within the security perimeter can be trusted. They’re ineffective and leave organizations exposed to cyberattacks. The concept of a secure castle surrounded by a moat is archaic.
Conversely, Zero Trust security is an approach that trusts no user, device, workload, or system, either inside or outside the perimeter. No one and nothing should be trusted by default, regardless of the location in which it is operating from, either inside or outside the security perimeter.
Additionally, make sure your data is always encrypted.
Identity & Access Management (IAM)
Identity and Access Management (IAM) is the process of managing who can do what on which resources. The role of identity and access is to facilitate access and authentication to all IT infrastructure, including SaaS apps and on-prem apps. Azure describes IAM as ‘protecting your applications and data at the front gate,’
IAM that maximizes security while minimizing friction for the end user is a challenge. Cloud security must manage access both in terms of user identity and their origin. Look at federated domain services to allow synchronization of user permissions and policies between on-premise and cloud services and applications.
The Insidious – and Deceptive – Risk of Insider Threats
Many organizations are concerned about the risk of malicious insider threats, such as disgruntled employees committing sabotage or stealing intellectual property. However, the greatest risk lies with employees who are well-meaning, but negligent. And unfortunately, this group is sizable.
In the “State of the Insider Threats in the Digital Workplace 2019” survey conducted by BetterCloud, 91% of respondents felt vulnerable to insider threats.
In most cases, it’s all too easy for well-intentioned users to make choices that increase risk and make your organization incompliant. It’s important to gain visibility into the choices users are making in apps, such as sharing confidential documents with external consultants or making public cloud databases freely accessible via the internet. You need to be alerted to certain configurations that might increase risk, and, ideally, be able to automatically remediate.
Context, again, is key. Solutions like Cognni can bring information intelligence to Microsoft Office 365 with a proactive approach to information recognition. Cognni’s AI understands context, learning which interactions are acceptable within Microsoft Office 365, and identifying risks to your information.
Threat Hunting
Threat hunting is necessary because, unfortunately, no cybersecurity solutions are always 100% effective. Additionally, successful attacks frequently remain undetected. To hunt threats, you need to collect enough quality data, use tools to analyze it, and have the skill to make sense of it all to search for patterns and potential indicators of compromise (IOCs).
Selecting a Cloud Security Services Provider
With the complexity of cloud services, it’s advantageous to have the support of an experienced services provider. ATS has over two decades of continuing commitment to high-quality technology services to help clients innovate and improve IT operations.
Download the eBook for more including:
- The unique security requirements of cloud native tech
- Coping with SaaS app attack vectors
- Shifting left with security automation
