Tips for a secure cloud
Security in the cloud is a new concept for many companies. While many of the security principles remain the same as in cyber security in general, the application is often very different. In this article, we are going to study five practices for a secure cloud, based on guidelines provided by Microsoft.
Reinforcing access control
Traditional security practices are not enough to defend against the most modern and advanced attacks. The safest practice is to “assume breach”, that is, to protect ourselves as if the attacker had already breached the perimeter of the network. Today, users work from many different places with multiple devices and applications; the only constant is the user’s identity.
To strengthen access control, several measures can be implemented; the first would be to provide another layer of security by requiring two or more authentication methods, such as a password, a trusted device that is not easily duplicated and/or biometrics.
We can also take advantage of conditional access, which balances security and productivity by taking into account the way a resource is accessed when making an access control decision. To do this, we will implement automated access control decisions for accessing cloud applications, based on conditions.
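The condition-based decision described above can be sketched as a small policy function. This is an added example, not Microsoft's policy engine or API; the signal names, the SENSITIVE_APPS set and the sample sign-ins are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum

class Decision(Enum):
    ALLOW = "allow"
    REQUIRE_MFA = "require_mfa"
    BLOCK = "block"

@dataclass(frozen=True)
class SignIn:
    user: str
    app: str
    device_compliant: bool   # device is managed and meets policy
    network: str             # "corporate" or "external" (assumed labels)
    mfa_done: bool           # a second factor was already presented
    risk: str                # "low", "medium" or "high" (assumed scale)

SENSITIVE_APPS = {"finance-portal", "admin-console"}  # hypothetical names

def evaluate(s: SignIn) -> Decision:
    # High-risk sign-ins are blocked whatever else is true.
    if s.risk == "high":
        return Decision.BLOCK
    # Sensitive apps are never reachable from a non-compliant device.
    if s.app in SENSITIVE_APPS and not s.device_compliant:
        return Decision.BLOCK
    # Assume breach: a corporate network only relaxes MFA for low-risk
    # sign-ins from compliant devices to non-sensitive apps.
    needs_mfa = (s.app in SENSITIVE_APPS or s.network != "corporate"
                 or s.risk != "low" or not s.device_compliant)
    if needs_mfa and not s.mfa_done:
        return Decision.REQUIRE_MFA
    return Decision.ALLOW

# Constructed sample sign-ins, not real log data.
SAMPLES = [
    SignIn("alice", "wiki", True, "corporate", False, "low"),
    SignIn("alice", "wiki", True, "external", False, "low"),
    SignIn("alice", "wiki", True, "external", True, "low"),
    SignIn("bob", "finance-portal", False, "corporate", True, "low"),
    SignIn("bob", "finance-portal", True, "corporate", False, "low"),
    SignIn("carol", "wiki", True, "corporate", True, "high"),
]

def decide_all(samples=SAMPLES):
    return [evaluate(s).value for s in samples]

if __name__ == "__main__":
    for s, d in zip(SAMPLES, decide_all()):
        print(f"{s.user:6} {s.app:15} {s.network:10} -> {d}")
```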
Improving the security posture
More and more security recommendations and vulnerabilities are constantly being identified, so it is important to prioritise our response. We need to ensure that we have the necessary tools to assess our current environments and assets and identify potential security issues. To do this, we can use a tool such as Secure Score in Microsoft’s Azure Security Center to understand and improve our security posture by implementing the best practices.
It is also important to share the progress of our secure score with our organisation’s stakeholders, to show the value it provides as the organisation improves its security.
Secure applications and data
Our mission must be to protect data, applications and infrastructure through a deep layered defence strategy across identity, data, hosts and networks.
One of the most important components will be data encryption. In addition to encrypting data at rest and in transit, consider encrypting data in use with confidential computing technologies.
Make sure your open source dependencies are free of vulnerabilities. Also, train your developers in security best practices, such as the Security Development Lifecycle.
It is important to share the responsibility. When a company operates mainly on premises, it owns the whole stack and is responsible for its own security. Depending on how you use the cloud, responsibilities change, and some responsibilities are shifted to the cloud provider.
For applications running on virtual machines, the majority of the burden is on the customer to ensure that both the application and the operating system are secure.
Mitigating threats
The operational security posture (protect, detect and respond) must be supported by security intelligence that identifies threats and can respond quickly to them.
To do this, we must enable detection for all types of resources: make sure that threat detection is enabled for virtual machines, databases, storage and IoT.
Use a cloud provider that integrates threat intelligence, providing the context, relevance and prioritisation needed to enable you to make faster, better and more proactive decisions.
Protecting the network
We are in a time of change and transformation for network security. As the landscape changes and evolves, our security solutions must meet the challenges of new threats and make it harder for attackers to exploit networks.
The configuration of your firewall remains one of the most important aspects, even with identity and access management. Controls must be configured to protect the perimeter, detect hostile activity and provide a response. A web application firewall protects web applications from common attacks such as SQL injection and cross-site scripting.
Another important aspect is to enable distributed denial of service protection, to protect web assets and networks from malicious traffic directed to the application and network layers, to maintain availability and performance, while also containing operating costs.