5 keys to securing cloud environments

safe cloud

Tips for a secure cloud

Security in the cloud is a new concept for many companies. While many of the security principles remain the same as in cyber security in general, the application is often very different. In this article, we are going to study 5 practices for having a safe cloud, based on guidelines provided by Microsoft.

Reinforcing access control

Traditional security practices are not enough to defend against the most modern and advanced attacks. The safest practice is to “assume the breach”, which is, to protect ourselves as if the attacker had breached the perimeter of the network. Today, users work from many different places with multiple devices and applications, the only constant being the user’s identity.

To strengthen access control, several measures can be implemented; the first would be  to provide another layer of security by requiring two or more authentication methods, such as a password, a trusted device that is not easily duplicated and/or biometrics.

We can also take advantage of conditional access, which is a balance between security and productivity, taking into account the way a resource is accessed in an access control decision. To do this, we will implement automated access control decisions for accessing conditionally based cloud applications. 

Improving the security posture

More and more security recommendations and vulnerabilities are constantly being identified, so it is important to prioritise our response. We need to ensure that we have the necessary tools to assess our current environments and assets and identify potential security issues. To do this, we can use a tool such as Secure Score in Microsoft’s Azure Security Center to understand and improve our security posture by implementing the best practices.

It is also important to share the progress of our safety score with our organisation’s stakeholders to show the value it is providing to the organisation as it improves its safety. 

Secure applications and data

Our mission must be to protect data, applications and infrastructure through a deep layered defence strategy across identity, data, hosts and networks.

One of the most important components will be data encryption. In addition to encrypting data at rest and in transit, consider the possibility of encrypting data in use with sensitive computer technologies.

Make sure your open source dependencies are free of vulnerabilities. Also, train your developers in security best practices, such as the security development life cycle.

It is important to share the responsibility, when a company operates mainly locally, owns the whole complex and is responsible for its own safety. Depending on how you use the cloud, responsibilities change, and some responsibilities are shifted to the cloud provider.

For applications running on virtual machines, the majority of the burden is on the client to ensure that both the application and the operating system are secure. 

Mitigating threats

The operational security posture (protect, detect and respond) must be supported by security intelligence that identifies threats and can respond quickly to them.

To do this we must allow the detection of all types of resources, make sure that threat detection is enabled for virtual machines, databases, storage and IoT.

Use a cloud-based provider that integrates threat intelligence, providing the context, relevance and prioritisation needed to enable you to make faster, better and more proactive decisions. 

Protecting the network

We are in a time of change and  transformation for network security. As the landscape changes and evolves, our security solutions must meet the challenges of new threats and make it harder for attackers to exploit networks.

The configuration of your firewall remains one of the most important aspects, even with identity and access management. Controls must be configured to protect the perimeter, detect hostile activity and provide a response. A web application firewall protects web applications from common attacks such as SQL injection and cross-site scripting.

Another important aspect is to enable distributed denial of service protection, to protect web assets and networks from malicious traffic directed to the application and network layers, to maintain availability and performance, while also containing operating costs. 

Ideas & Publications

AI and Data Intelligence, OpenSistemas and neuroons key proposals at Madrid Tech Show

AI and Data Intelligence, OpenSistemas and neuroons key proposals at Madrid Tech Show

OpenSistemas and neuroons present their latest solutions in the Big Data & AI World area of the biggest technology event of the year in Spain ...
What is SaaS and examples to help build a business

What is SaaS and examples to help build a business

Saas: Software as a service What does SaaS stand for? Remember how we used to buy software as a product that we installed once and enjoyed limitless ...
Google’s artificial intelligence tool to avoid discrimination in data

Google’s artificial intelligence tool to avoid discrimination in data

The fact that some companies and Google’s artificial intelligence algorithms were discriminatory regarding race or gender shocked the entire ...