Aseem Rastogi

Managing Cloud Security

Blog Post created by Aseem Rastogi on Oct 29, 2018

The Clouds Are Soaring…

 

Cloud computing is becoming an integral part of business strategy and is profoundly changing the way businesses operate and people work. According to a survey by Forbes, cloud computing is projected to increase from $67bn in 2015 to $162bn in 2020 indicating a compound annual growth rate (CAGR) of 19%.

 

The leading factors for the increase in cloud computing adoption are digital transformation and IT agility. More and more tech-savvy businesses and industries are moving towards using this technology to more capably run their organizations, better serve their customers, and mightily increase their overall profit margins.

 

Before you leap into the cloud….

 

You need to consider the challenges of cloud computing that could affect your business.  Technical and security issues are the main areas of concern.  Even the most reliable cloud computing service providers suffer from technical issues like server outages now and again.

 

The major issue in cloud computing is that of security as you will be surrendering all your business’s sensitive information to the cloud service provider. This could put your business at great risk.

 

Securing Clouds…. is vital for both smooth running of businesses and protection of customer data. Distributed Denial of Service Attacks (DDoS), Shared Cloud Computing Services, Data loss, phishing and social engineering attacks are the most common cloud computing security risks.

 

Taking Responsibility…. Cloud Security is a shared responsibility between Cloud Providers & Customers. Cloud Security providers responsibility ends till the Virtual Machine layer (for IaaS), while customer's responsibility is OS layer and above.

Steps to Cloud Security….

 

It becomes critical for your business to maintain the security and privacy protection in cloud. Following series of steps may help mitigate risks and deliver a suitable level of security to the businesses.

 

Step 1 – Securing the Infrastructure

 

Conducting an infrastructure audit and having an up-to-date inventory of all virtual machines is the first steps towards infra security. Cloud configurations have to be tuned up and audited for security vulnerabilities, besides regular OS patches, VA/PT and Endpoint security suite etc.

 

Step 2 – Getting a grip on location of data

 

Conducting a data audit before implementing any security strategy is of utmost importance. This helps create visibility & understanding of data being processed and its location. An understanding of this information will help you begin the process of applying security policies.

 

Step 3 – Data Security @Rest

 

Wherever the data is located – on the servers, in public cloud or on a hybrid environment – data@rest must be encrypted to protect it. Restricting access to sensitive data is crucial but encryption of data ensures that this data cannot be accessed by unauthorized personnel. Encryption keys should be stored in secure locations, such as on external hardware or other HSM. By securing these keys, you can prevent encrypted data from being stolen.

 

Step 4 – Two-Factor Authentication

 

A strong two-factor authentication ensures that ony authorized employees have access to the data they need to use. This is more secure than relying on passwords alone, which can be easily compromised.

 

Step 5 – Continuously Monitor

 

Just like vendors constantly patch hardware and software to prevent hackers from exploiting as bugs and vulnerabilities emerge, it is imperative for businesses to monitor their cloud configurations to avoid becoming easy targets for hackers.

 

Cybersecurity and Compliance is an ongoing process…. Once a business has implemented the above steps, it is important to repeat all these steps for all new data that enters the system. These steps will ultimately make the cloud security of your business robust and provide a level of assurance.

 

Ask us how can we help your customers secure their cloud Journey. https://cloudoptics.io 

Outcomes