Seidor

24 August 2023

Best practices for protecting your data in a Cloud environment

Cloud infrastructures are constantly changing, so without the right visibility, organisations can find their environments exposed to potential attacks. When migrating data and applications to the cloud, many security processes and best practices will be much the same as their on-premises equivalents, but there is also a new set of challenges to overcome.

The following is a series of best practices for securing information in the cloud, starting with what to consider when selecting a cloud provider, and continuing with what to consider to ensure security within your organisation. Finally, we'll share a few of the fastest growing trends in this area.

With regard to the supplier

The selection of your service provider will be one of the most important factors to consider, as we are not talking about the implementation of a product, but the provision of a type of service that directly concerns the most sensitive parts of your organisation, such as its efficiency, security and compliance.

There are numerous factors to consider, including the following.

  • Have a certified supplier. It is advisable to have a cloud provider that offers the best security protocols and conforms to industry best practices. Don't settle for less. Just as the big players (Amazon, Google, Microsoft) offer transparent access to the details of their compliance strategy and certifications, so should any other supplier.
  • Understand the shared responsibility model. Leading cloud service providers such as AWS, Azure, Google Cloud or Alibaba Cloud publish what is known as a "shared responsibility model for security". Any reliable supplier will have a similar document. Analyse it and check which tasks will remain within the organisation's responsibility and which will be handled by the supplier. The ideal formula will vary depending on whether it is an as-a-Service (SaaS, PaaS, IaaS) or on-premises model.
  • Review service level agreements. SLAs and cloud service contracts are not only a guarantee of service and resources in case of incidents. They should also clearly detail who owns and is responsible for what data. This is a key issue, because many providers do not specify that customer data is owned by the customer, which could eventually lead to the provider claiming ownership of the data.
  • Visibility and control. You may have heard it a thousand times, but it is still important: "You can't protect what you can't see." Any good service provider has to offer full visibility of data and who is accessing it, regardless of where this person resides. The provider should also offer continuous monitoring of activity to discover any configuration and security changes made to any part of the infrastructure and to ensure regulatory compliance.
  • Asset protection. The obligation to know where the organisation's data is stored, processed and managed has always been important, but it became mandatory with regulations such as the GDPR. To ensure that assets are protected, the provider must have advanced physical protection measures in place in its data centre to protect all information assets.
  • Operational security. When selecting a cloud service, it is key to look for a provider that can implement a robust operational security plan, always reporting immediately any changes that may affect security. The provider should also have a vulnerability management system, advanced monitoring tools, and, of course, an incident management process ready to deploy a quick and effective response to any attack.
  • Compliance. The provider should follow industry best practices for Cloud Security and, if it is a good provider, should have one or more recognised certifications such as STAR, HIPAA or PCI. It is also advisable to find a supplier with specific certifications for the sector in which your organisation operates.

In the operations

Once the provider has been selected and the organisation's Cloud Security plan has been set up, it will be necessary to maintain and nurture a business intelligence policy that allows for the automation of prevention, protection and response tasks as far as possible. Here are a number of aspects that may help you do this.

  • Visibility. Most large organisations use multiple cloud services, with a wide variety of providers and in different geographies. A proper Cloud Security strategy will provide visibility of the entire ecosystem from a single control centre, including resources, projects and cloud regions. This also allows granular security policies to be implemented.
  • Data protection both in transit and at rest. A perfect example of shared responsibility. At the operational level, you need protection against interception, or encryption of the data. The provider will of course have tools to easily encrypt your data in transit and at rest, in order to ensure the same level of protection in both cases.
  • User management. Access control. It is advisable to start from a Zero Trust stance, which gives users access only to the systems and data they require. To avoid complexity in policy enforcement, it is possible to define role-specific groups with different access privileges and then add new users to them, rather than having to customise access for each user.
  • Device protection. Most users will access their cloud services via web browsers, so advanced security at the client level will be essential, as will keeping software up to date with the latest security patches. It is equally important to implement an endpoint security solution to protect mobile devices.
  • Encryption. When using cloud-based services, data is exposed to increased risk because it is stored on a third-party platform and moved between the network and the cloud service. It is thus necessary to ensure that encryption is implemented for all data, both at rest and in transit. The cloud provider may offer built-in encryption services to protect your data from third parties, but in doing so you are allowing a third party to access the company's encryption keys.
  • Password management. The application of a strict password policy is key to preventing unauthorised access. Setting minimum requirements for a password to be valid and obliging users to update their passwords from time to time are common strategies. Multi-factor authentication can also be applied as an additional layer of security and protection.

Cloud Access Security Brokers (CASB)

The use of Cloud Access Security Brokers (CASBs) is fast becoming central to implementing Cloud Security best practices. A CASB is a piece of software that sits between the user and the cloud service provider and offers a sophisticated set of tools to provide visibility of the cloud ecosystem, to enforce data security policies, and to implement threat protection and maintain compliance.

CASBs provide visibility into all cloud applications, both authorised and unauthorised, by providing a complete picture of cloud activity to take the necessary security measures. In this way, the organisation can limit or allow access based on status or location.

Another key element of CASBs is the implementation of policies to prevent unauthorised sharing of data. This enables the protection of sensitive information such as financial data, property data, credit card numbers or health records.

Finally, cloud access security brokers are a good threat prevention tool, detecting unusual behaviour in cloud applications to identify ransomware, at-risk users or unauthorised applications, and even automatically remediating threats.

Assessing the security posture of the cloud

With the shared responsibility model, the cloud provider is in charge of protecting the infrastructure layer, but it is up to the user to configure the services. It's not enough to just set up the right configurations; teams need to address any deviations as soon as possible. According to Gartner, 80% of security breaches are caused by incorrect configurations.

A good solution is to use Cloud Security Posture Management (CSPM) tools, which provide visibility over cloud assets and act against non-compliance by preventing misconfigurations (security patches not updated, incorrect permissions, unencrypted data, etc.). They also include digital tools that allow you to evaluate security measures, policies and other implemented solutions.

CSPM tools are widely used in all types of environments: infrastructure and hybrid environments, multicloud, containers... They also allow the management of security policies across all accounts, projects, regions or networks through a single console.
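
As an added illustration (not from the original article and not any CSPM product's code), the following Python example evaluates a constructed multi-provider inventory against the three misconfiguration classes named above and reports deviations that appear between two snapshots. The field names, rule names, resource names and the 30-day patch threshold are assumptions.

```python
# Constructed inventory snapshot; providers, accounts and resources are made up.
INVENTORY = [
    {"id": "vm-web-01", "provider": "cloud-a", "account": "prod", "region": "eu-west",
     "encrypted_at_rest": True, "public_access": False, "days_since_patch": 12},
    {"id": "bucket-invoices", "provider": "cloud-a", "account": "prod", "region": "eu-west",
     "encrypted_at_rest": False, "public_access": False},
    {"id": "db-orders", "provider": "cloud-b", "account": "prod", "region": "us-east",
     "encrypted_at_rest": True, "public_access": False, "days_since_patch": 75},
    {"id": "bucket-site-assets", "provider": "cloud-b", "account": "web", "region": "us-east",
     "encrypted_at_rest": True, "public_access": True, "public_allowed": True},
]

# A later constructed snapshot in which someone exposed the web VM publicly.
LATER = [dict(r, public_access=True) if r["id"] == "vm-web-01" else r
         for r in INVENTORY]

MAX_PATCH_AGE_DAYS = 30  # assumed policy threshold

# One rule per misconfiguration class; each returns True when the resource violates it.
RULES = {
    "unencrypted-data": lambda r: not r["encrypted_at_rest"],
    # "Incorrect permissions" is modelled here as public access without an
    # explicit exception recorded on the resource (an assumption).
    "public-access": lambda r: r["public_access"] and not r.get("public_allowed", False),
    # Resources without a patch age (e.g. storage buckets) are treated as not applicable.
    "stale-patches": lambda r: r.get("days_since_patch", 0) > MAX_PATCH_AGE_DAYS,
}

def evaluate(inventory):
    """Return a sorted list of (resource id, rule name) findings."""
    return sorted((r["id"], name)
                  for r in inventory
                  for name, violated in RULES.items() if violated(r))

def drift(previous, current):
    """Findings present in the current snapshot but not in the previous one."""
    return sorted(set(evaluate(current)) - set(evaluate(previous)))

def findings_by_scope(inventory):
    """Group findings by (provider, account, region) for a single-console view."""
    scope = {r["id"]: (r["provider"], r["account"], r["region"]) for r in inventory}
    grouped = {}
    for rid, rule in evaluate(inventory):
        grouped.setdefault(scope[rid], []).append((rid, rule))
    return grouped

if __name__ == "__main__":
    print("Findings:", findings_by_scope(INVENTORY))
    print("New since last snapshot:", drift(INVENTORY, LATER))
```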
