5 keys to securing cloud environments

safe cloud

Tips for a secure cloud

Security in the cloud is a new concept for many companies. While many of the security principles remain the same as in cyber security in general, the application is often very different. In this article, we are going to study 5 practices for having a safe cloud, based on guidelines provided by Microsoft.

Reinforcing access control

Traditional security practices are not enough to defend against the most modern and advanced attacks. The safest practice is to “assume the breach”, which is, to protect ourselves as if the attacker had breached the perimeter of the network. Today, users work from many different places with multiple devices and applications, the only constant being the user’s identity.

To strengthen access control, several measures can be implemented; the first would be  to provide another layer of security by requiring two or more authentication methods, such as a password, a trusted device that is not easily duplicated and/or biometrics.

We can also take advantage of conditional access, which is a balance between security and productivity, taking into account the way a resource is accessed in an access control decision. To do this, we will implement automated access control decisions for accessing conditionally based cloud applications. 

Improving the security posture

More and more security recommendations and vulnerabilities are constantly being identified, so it is important to prioritise our response. We need to ensure that we have the necessary tools to assess our current environments and assets and identify potential security issues. To do this, we can use a tool such as Secure Score in Microsoft’s Azure Security Center to understand and improve our security posture by implementing the best practices.

It is also important to share the progress of our safety score with our organisation’s stakeholders to show the value it is providing to the organisation as it improves its safety. 

Secure applications and data

Our mission must be to protect data, applications and infrastructure through a deep layered defence strategy across identity, data, hosts and networks.

One of the most important components will be data encryption. In addition to encrypting data at rest and in transit, consider the possibility of encrypting data in use with sensitive computer technologies.

Make sure your open source dependencies are free of vulnerabilities. Also, train your developers in security best practices, such as the security development life cycle.

It is important to share the responsibility, when a company operates mainly locally, owns the whole complex and is responsible for its own safety. Depending on how you use the cloud, responsibilities change, and some responsibilities are shifted to the cloud provider.

For applications running on virtual machines, the majority of the burden is on the client to ensure that both the application and the operating system are secure. 

Mitigating threats

The operational security posture (protect, detect and respond) must be supported by security intelligence that identifies threats and can respond quickly to them.

To do this we must allow the detection of all types of resources, make sure that threat detection is enabled for virtual machines, databases, storage and IoT.

Use a cloud-based provider that integrates threat intelligence, providing the context, relevance and prioritisation needed to enable you to make faster, better and more proactive decisions. 

Protecting the network

We are in a time of change and  transformation for network security. As the landscape changes and evolves, our security solutions must meet the challenges of new threats and make it harder for attackers to exploit networks.

The configuration of your firewall remains one of the most important aspects, even with identity and access management. Controls must be configured to protect the perimeter, detect hostile activity and provide a response. A web application firewall protects web applications from common attacks such as SQL injection and cross-site scripting.

Another important aspect is to enable distributed denial of service protection, to protect web assets and networks from malicious traffic directed to the application and network layers, to maintain availability and performance, while also containing operating costs. 

Ideas & Publications

The importance of emotional salary for your company

The importance of emotional salary for your company

Can a company reward its employees in terms of good feelings? We are all familiar with the study that showed that increasing the salary has no ...
EXAMPLES AND REAL INDUSTRIAL AUTOMATION PROJECTS

EXAMPLES AND REAL INDUSTRIAL AUTOMATION PROJECTS

In this article we look at examples of how industrial automation is revolutionising the business world and optimising processes. ...
Azure IoT Hub: Tools & Tips to manage IoT devices

Azure IoT Hub: Tools & Tips to manage IoT devices

We discuss the main features of Azure IoT Hub and its possibilities in the enterprise and industrial world. ...