There are many layers to the cloud, which means you need many layers of protection. Cloud providers will handle keeping the physical premises and the physical machines safe, but you remain responsible for your virtual machines, your applications, your network, and your data. Here’s what you need to do to make sure your cloud is safe.
1. Understand Your Responsibility
Security in the cloud is a partnership between you and your cloud vendor, and it’s important you understand the level of support they provide. The security managed by the cloud provider will vary according to which cloud model you use (IaaS, PaaS, or SaaS). Make sure you understand exactly what they are leaving up to you. In addition, most cloud providers offer an array of tools and services to help you protect your data. Understand what is available as part of your cloud contract, which security features the cloud provider will charge extra for, and what security tools you’ll need to obtain from a third party.
2. Secure Access to the Cloud
Data security is all about restricting unauthorized access to data. The same access controls that have value in your data center remain important in the cloud. Make sure users have strong passwords, and use multifactor authentication. Use role-based access controls to limit users to the minimum privileges needed for their job. Review all configurations to make sure applications, machines, and databases that are supposed to be private are not accidentally configured as public. Some cloud providers have tools to compare your configurations to recommended standards; run them regularly.
3. Use Encryption Everywhere
Make sure unauthorized users can’t read data by encrypting it in transit, through secure connections, and at rest, through encrypted storage. When possible, don’t allow cloud providers to manage your keys.
4. Protect Your Cloud by Protecting Your Network
Take the same measures to protect your cloud virtual machines against threats from the network as you would for internal servers. Block dangerous ports and use a cloud firewall to manage traffic.
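One way to run the checks from steps 2 and 4 (nothing private accidentally public, no dangerous ports reachable) against AWS security groups. This is an added example, not code from the original page or from dcVAST; the watched-port list and the `sg-example-*` groups are assumptions constructed for illustration, and it goes beyond the text by also catching watched ports hidden inside a port range.

```python
import json
# Assumption: the page names no specific ports; this watch list is illustrative.
WATCHED = {22: "SSH", 3389: "RDP", 1433: "MSSQL", 3306: "MySQL",
           5432: "PostgreSQL", 6379: "Redis", 27017: "MongoDB"}
WORLD = {"0.0.0.0/0", "::/0"}  # "anyone on the internet", IPv4 and IPv6

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
 {"GroupId": "sg-example-web", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
 {"GroupId": "sg-example-admin", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
 {"GroupId": "sg-example-db", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
    "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
   {"IpProtocol": "tcp", "FromPort": 5000, "ToPort": 6500,
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
]}""")

def world_sources(perm):
    """Return the rule's source ranges that mean 'open to everyone'."""
    cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
    cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs if c in WORLD]

def exposed_ports(perm):
    """Watched ports covered by this rule, including ones hidden in a range."""
    if perm.get("IpProtocol") == "-1":  # "-1" means all protocols and ports
        return sorted(WATCHED)
    if perm.get("IpProtocol") not in ("tcp", "udp"):
        return []
    lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
    return [p for p in sorted(WATCHED) if lo <= p <= hi]

def audit(doc):
    """List (group id, port, service, sources) for world-reachable watched ports."""
    findings = []
    for sg in doc.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            sources = world_sources(perm)
            for port in (exposed_ports(perm) if sources else []):
                findings.append((sg["GroupId"], port, WATCHED[port], sources))
    return findings

for gid, port, svc, src in audit(SAMPLE):
    print(f"{gid}: {svc} ({port}) open to {', '.join(src)}")
```

To audit a real account, replace `SAMPLE` with the parsed output of `aws ec2 describe-security-groups` and adjust the watch list to the services you consider sensitive.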
5. Monitor Cloud Activity
Make sure all access and network activities are logged, and review the logs periodically. You can pull them into your event monitoring and analytics programs to scan for suspicious activities.
6. Consider Using a Cloud Access Security Broker (CASB)
Many of the security measures needed in the cloud are the same as you’d use internally. CASBs are a security control designed for the cloud. They can help you identify shadow IT usage of unapproved cloud services and prevent data leakage and data loss through documents uploaded to the cloud.
dcVAST provides managed services to help you secure your cloud, including managed AWS and Bitglass, an industry-leading CASB. We work with you every step of your cloud journey to ensure your data is protected. Contact us to learn more about keeping your data safe in the cloud.