Security in the cloud

An Initial Introduction to
Security in the Cloud

An Initial Introduction to Security in the Cloud

The reason there has been a huge shift to cloud is that it’s a lot simpler than on-premises in many different ways. With the cloud, there’s no hardware, and no need for around the clock monitoring. Cloud computing enables organizations to outsource data, applications or IT infrastructures and eliminates the need to operate their own servers and IT environments. But, at the same time, additional security risks arise due to the shared cloud environments, the services accessible via the public Internet, a possible loss of confidentiality, integrity and availability of data in the cloud environment.

Data protection is the key piece when speaking about cloud security especially when data is moved to a public or hybrid cloud and this task can no longer be strictly assigned to either the organization as the “data owner” or the cloud provider as “data host”. When using cloud services, customers are always at risk from the lack of separation of customer instances which can allow unauthorized individuals to view or manipulate third-party data because there is usually no physical separation of the instances in the cloud.

For example, due to legal regulations it may be necessary to delete data securely. In a cloud environment – where data, applications and the IT infrastructure is hosted by an external cloud provider – there might arise the risk that data will be deleted inadequately or incompletely. Since it’s hard for a company to track the location of the data storage the deletion process might not be transparent and thus, not fully understandable. Even after cancelling a cloud service, you cannot rely on the successful deletion of all data.

Securing Your Cloud Services and Cloud Environment

Cloud security is about securing your cloud services and your data hosted in cloud environments, and comprises a multitude of individual measures that protect against risks such as data loss, service failure or unauthorized access while using cloud services. A consistent implementation of cloud security will minimize the risk of failures, data loss, hacker attacks or unauthorized access to data by considering:

  • the access to the data
  • the physical security of the data center
  • the logical security of the servers
  • the security of the network structures and access
  • the security of the platform and the applications
  • Data security
  • the secure management of keys and access codes

One of the biggest factors in carrying out successful cloud security operations is ensuring everyone is on the same page. When deploying cloud security, it is crucial that your organization and the cloud solution provider you’ve chosen to move forward with, understand each other’s needs, responsibilities, and respective roles in the process.

Looking at our data protection example above, this would require your cloud provider to prove that they fulfill the data protection requirements and have appropriate emergency and recovery processes in place. In addition, you must have a documented process that controls user rights and change management. Contractually agreed regulations can be, for example, Service Level Agreements (SLAs), which assure customers of certain availabilities and, in the event of malfunctions, define response times, recovery times and alarm chains or escalation levels. In addition, agreements can be made about regular exercises to be carried out on security-related events. Making the right choice of a cloud service provider depends up on aligning strategies for compliance, security and in the worst case ensuring your data is available and recoverable, even if the provider goes out of business.

How You Can Proactively Close Cloud Security Gaps

Apart from the security activities, your cloud provider should ensure there are a couple of things you can undertake yourself to keep your cloud data secure:

  • Encryption: First, make sure the data you upload to the cloud is stored only on encrypted media. Secondly you should ensure that it is encrypted and cannot be decrypted by unauthorized persons, including your cloud provider. Keep your encryption keys in-house to avoid unauthorized access. Thirdly, ensure data protection during transport (e.g. via HTTPS connections), especially if the cloud is accessed via insecure or public networks.
  • Endpoints: All devices that can access your cloud must be secure. Infected devices, for instance, will provide hackers access to your data even if servers and transmission paths are secured.
  • Authentication: Only employees who really need the data for their daily work should have access to the cloud. This requires a secure authentication process but better would be a two-factor authentication with a password and a security token. Password-only security policies are outdated since data is constantly breached. Also, ensure a strong Identity and Access Management (IAM) is in place so users only get the rights for the data sections they need and administration rights should be limited.
  • Data Backup: Make sure you always have an additional backup system in place, regardless of storing files or data bases. Data backup and storage in the cloud is often limited in time by the cloud providers. Additional backup solutions like BackupSimple can help you to always stay in control of your data.
  • Monitoring: An early-warning system and consistent monitoring helps you to recognize security gaps and incidents before they really damage your company.

Working with a cloud services provider provides a huge boost to your bottom line because infrastructure costs are no longer capitalized. On-premises security takes a lot of manual work which can tie up precious resources on activities not leading to business growth. Whichever cloud solution or platform you choose, they should be taking over those more administrative tasks and providing you with security that is perfectly tailored to your organization. Which, at the end of the day, is more reliable than an on-premise solution.

Let Us Assist You On Your Cloud Journey

If your organization uses Microsoft Azure or AWS, you should be looking for a cloud security solution that knows exactly how to build out your strategy. We have multiple years of cloud experience, so we know the product suite inside and out. This way, you’ll be able to lower your cloud spend and optimize your workload as securely as possible. Then you can put the focus back on yourselves through improved scalability, lower IT costs, and even more innovation.

Learn more

Managed Cloud Services

SoftwareONE’s Managed Cloud brings together the people, process and technology to optimize your cloud initiatives.

more

BackupSimple

Remove risk and complexity by simplifying the process and storing all your data in your cloud storage.

more

Comment on this article

Leave a comment to let us know what you think about this topic!

Leave a comment

Author

Bala Sathunathan

Bala Sethunathan Director, Security Practice & CISO

Software Portfolio Management

Related Articles

how-to-improve-consistency-with-devops-and-automated-patch-management
  • 25 March 2020
  • Tony Pagnusat
  • Managed Cloud
  • DevOps, Patch Management

How to Improve Consistency with DevOps & Automated Patch Management

IT teams face compliance and budget challenges when handling access and user rights. DevOps services can help them rise to those challenges with better overall efficiency.

Be Prepared: Security Trends To Watch Out for in 2020

5 Key Strategies for Creating a Cyber Awareness Program

A strong cyber-security posture goes well beyond the security team. Let’s take a closer look at the five key strategies for creating a cyber awareness program.

Modern Cloud

What Enterprises Need to Know When Migrating to the Modern Cloud

In a society that has never embraced the modern cloud more, what do enterprises need to understand when starting the data migration and storage process? Let’s take a look.