5 security recommendations for organizations embracing cloud services

In a previous blog post, I shared that when organizations are embracing hybrid and cloud infrastructures, they need to be vigilant against certain cyber attacks. Here are 5 security recommendations to keep in mind as you adopt cloud services.

Seema Kathuria
Microsoft Cybersecurity
Aug 6, 2019


5 security recommendations for organizations adopting cloud services:

1. Remember that security is a shared responsibility between the cloud service provider and the data owner (you), and that’s a good thing! In particular, larger cloud providers tend to have a significant security staff, a standard cloud architecture, security controls and diverse audits, making them better placed to manage various aspects of cloud security. However, there are some aspects for which you as the data owner need to take responsibility.

Who is responsible, and to what degree, varies depending on the cloud environment and the portion(s) of the technology stack the cloud service provider is responsible for. With SaaS, the cloud service provider owns everything but the data. By contrast, IaaS and PaaS can present greater challenges than SaaS because risk and responsibility are shared to a larger extent. [Learn more about the shared responsibility model in this paper.]

2. Securing identities in the cloud, just as on premises, is critical. Identities are the “keys” to your critical resources and data. The vast majority of security breaches take place when attackers gain access to an environment by stealing a user’s identity. Establishing a strong identity and access management posture can stop attackers from gaining entry and ensure employees only receive access to the cloud applications and resources they need. Implemented correctly, it can also improve usability by enabling a transparent and intuitive login procedure. Multi-factor authentication (MFA) can help stop 99.9% of identity-based attacks. [Learn about Microsoft Azure Active Directory Identity Protection.]

3. Protect your cloud resources against DDoS and web-based attacks that can otherwise impact the availability of your service. The cloud service provider itself typically offers cloud-native security services to help detect and protect against these attacks. Planning and preparation are also crucial to understanding how a system will perform during a DDoS attack, and designing an incident management response plan is part of this effort. Using the analytics and reports on past attacks that you receive from the cloud service provider can help you optimize the incident response process while under attack. [Learn about Microsoft DDoS Protection and Application Gateway Web Application Firewall (WAF).]

4. Remember that securing data in the cloud is imperative, both for compliance and to earn and maintain the trust of employees, customers and partners. Data encryption at rest is a mandatory step toward data privacy, compliance, and data sovereignty; protecting data in transit should also be an essential part of your data protection strategy. Protecting your keys is necessary for protecting your data in the cloud. [Learn about Microsoft Azure Key Vault and Azure Disk Encryption.] Also, you should control and secure email, documents, and sensitive data that will be shared outside your company. [Learn about Microsoft Azure Information Protection.]

5. Lastly, leverage tools to streamline the way you manage security and threat protection for your cloud workloads. You need to assess the security posture of those workloads, be alerted to threats in your environment, connect to existing tools and processes such as security information and event management (SIEM), and be able to take action to mitigate threats. [Learn about Microsoft Azure Security Center and Microsoft Azure Sentinel.]

Check out Seema’s previous blog post to learn about why organizations embracing hybrid and cloud infrastructures should be wary of adversaries in their cloud.

Seema Kathuria
Microsoft Cybersecurity

Work for Microsoft in Cybersecurity Solutions Group, with 15+ years of experience marketing IT security and robotics technologies. Mother, Bollywood singer :)