Businesses are increasingly moving to cloud-based platforms as they respond to the changing business environment caused by the Covid pandemic. Many business owners have concerns about cloud security based on the reports they hear in the media about security breaches in cloud environments.
Cloud security can be implemented and operated to maximise protection against theft and malware, but the business owner remains responsible for ensuring that end-users have little or no opportunity to initiate breaches.
The specific requirements of security in the cloud are like those of any network with Internet and perhaps remote access. The security team need to know:
- What needs to be secured;
- Who has access to the cloud and what they are allowed to access; and
- Who in the security team is responsible for what, and that they have sufficient training to be able to do it efficiently and effectively.
Simply put, cloud security is the set of procedures and tools the security team uses to identify and counter threats to business security. However, a balance needs to be struck between the need for security and the need to avoid impeding the efficient use of business systems.
Why it’s Important
Every day the media lets us know of new hacking or data theft exploits. The FBI has noted that over the last few years, DDoS attacks, data theft, and especially ransomware attacks have increased in both frequency and virulence. New attack vectors have emerged, and there is evidence that some e-commerce vendors have initiated attacks against competitors.
With that background, when a company migrates to the cloud, it is vital to understand the security needed to keep data and Intellectual Property (“IP”) safe. If the management of the cloud infrastructure has been passed to a third-party service provider (“MSP”), it doesn’t necessarily follow that managing the security environment and safeguarding data and IP are wholly the MSP’s responsibility.
Part of the selection process should be to assess the MSP’s security environment. That said, it is in the MSP’s best business interests to protect the integrity of its operating environment and to keep up to date with best practices in the security sphere.
However, as the FBI also says, most malware attacks are initiated between the keyboard and the chair back, by user error that is either accidental or sometimes deliberate. The business, therefore, has a responsibility for maintaining data and IP security.
Problem Areas of Cloud Security
In the past, IT had control over the devices attached to the network. They could ensure that each was properly configured with adequate anti-malware software loaded, up-to-date and operational.
In a cloud environment with remote access and working from home, users can use their own smart devices to access services. IT can no longer guarantee the integrity of those devices.
Regulatory compliance can be confusing when using cloud-based services. The business is still responsible for compliance, and reliance on an MSP to meet compliance criteria could lead to compliance issues.
The business needs to ensure that its network equipment is properly configured to minimise the potential for attack. Default passwords on network components must be changed, and user security levels monitored and managed.
It is essential to monitor network traffic to be able to identify a possible attack early enough to counter it. In addition, it is essential to track who is accessing items of data, and who is trying and failing to access data items. Failed access attempts could be a potential data breach attempt.
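The tracking described above can be sketched as follows. This is an added example, not part of the original article: it records who successfully accessed which data items and flags users denied on several distinct items within a short window. The key=value log format, the sample records, the 10-minute window and the three-object threshold are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records in a hypothetical key=value audit format.
SAMPLE_LOG = """\
2024-05-01T09:00:05Z user=alice object=/hr/payroll.csv result=ALLOWED
2024-05-01T09:01:10Z user=bob object=/finance/q1.xlsx result=DENIED
2024-05-01T09:02:30Z user=bob object=/finance/q2.xlsx result=DENIED
2024-05-01T09:03:00Z user=alice object=/finance/q1.xlsx result=DENIED
2024-05-01T09:04:45Z user=bob object=/legal/contracts.zip result=DENIED
2024-05-01T09:30:00Z user=carol object=/hr/payroll.csv result=DENIED
2024-05-01T10:15:00Z user=carol object=/hr/reviews.docx result=DENIED
2024-05-01T11:40:00Z user=carol object=/finance/q1.xlsx result=DENIED
this line is malformed and must be skipped
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) object=(?P<obj>\S+) "
                     r"result=(?P<result>ALLOWED|DENIED)$")

def parse(log_text):
    """Yield (timestamp, user, object, result) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m["user"], m["obj"], m["result"]

def access_report(log_text, window=timedelta(minutes=10), min_objects=3):
    """Return (who accessed what, users denied on >= min_objects items in window)."""
    allowed = defaultdict(set)      # user -> objects successfully accessed
    recent = defaultdict(deque)     # user -> (ts, object) denials inside the window
    flagged = {}                    # user -> objects denied in a triggering window
    for ts, user, obj, result in sorted(parse(log_text)):
        if result == "ALLOWED":
            allowed[user].add(obj)
            continue
        q = recent[user]
        q.append((ts, obj))
        while ts - q[0][0] > window:   # drop denials older than the window
            q.popleft()
        distinct = {o for _, o in q}
        if len(distinct) >= min_objects:
            flagged.setdefault(user, set()).update(distinct)
    return dict(allowed), {u: sorted(o) for u, o in flagged.items()}

if __name__ == "__main__":
    print(access_report(SAMPLE_LOG))
```

In the sample, bob is flagged because his three denials fall within ten minutes, while carol's three denials are spread over two hours and alice has only one.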
Preventing Cloud Security Issues
Identity and Access Management (“IAM”)
IAM is the use of tools to apply policies that define who can access the network and which services they can use, both on-premises and cloud-based. Digital identities are created for all users to provide the ability to monitor their activities in real-time and adjust their security levels as and when required.
Security Information and Event Management (“SIEM”)
SIEM automates threat monitoring, detection and response. The technology is available in forms tailored for cloud-based environments. The more recent addition of AI components means that SIEM can operate over multiple platforms, allowing the security team to rapidly identify potential threats and apply the appropriate reaction.
Data Loss Prevention (“DLP”)
Similar to IAM, DLP is a set of tools and services that ensures the safety of cloud-based data. It uses encryption technologies, alerts and other techniques to keep data safe, both in situ and when being transferred over the network.
Probably the most important component is having a valid Business Continuity plan. Despite all preventative measures, a site will be hacked at some point in its lifetime. Disaster recovery solutions are an essential set of tools designed to recover lost data and resume normal operations.
Cloud security, for sure, is a concern, but with the appropriate tools and diligent oversight, the dangers can be minimised.