Moving to the cloud changes some of the risks to your data's security. Some traditional defenses still apply, but there is also new technology you'll want to consider to keep your data safe.
Risks to Data Security in the Cloud
Risks to data in the cloud come from several places:
1. Loss of control. You don't have complete control over data privacy settings in the cloud. Many default configurations don't treat security as a priority. Even if you apply secure configurations across your data, the cloud provider necessarily has access to the storage devices and the data that resides on them. Because the cloud provider is responsible for maintenance, you have to rely on them to apply patches and defend against malware.
2. Shared resources. There's also a loss of privacy that comes with the cloud, whatever your configuration settings. As long as you're using shared resources, other entities have applications and data on the same infrastructure. Vulnerabilities in virtual machines may allow malware on another company's VM to escape that VM and access resources on your own instance.
3. Misunderstood responsibilities. Because security responsibilities are shared between your team and the cloud provider's, it's easy to miss measures that you need to handle yourself. It's important to understand how responsibilities are divided, including configuration, monitoring, patching, and backups.
4. Insecure services. Cloud architectures rely on APIs to connect many services in order to provide application-level functionality. Insecure APIs put data at risk every time you make a call to that service.
Addressing Security Risks in the Cloud
Many security risks in the cloud can be addressed similarly to how you handle security risks in your data center.
• Identity and access management (IAM) is necessary to ensure only authorized users can use your cloud resources. In many cases, you can use the same IAM tools running in your data center to handle cloud identities.
• Encrypting data in transit and at rest keeps prying eyes from seeing sensitive information. All network links should be encrypted; use virtual private networks (VPNs) for additional security. Most cloud providers offer secure, encrypted storage. When possible, manage your encryption keys yourself rather than letting the provider do it.
• Assessing vulnerabilities lets you spot where you can improve your security controls. Cloud vendors like AWS often publish recommended configurations and can identify where your systems are weakly protected. You can also use tools like Vast View and Palo Alto Security Lifecycle Review to identify vulnerabilities.
• Data can leak more easily in the cloud. Consider using a cloud access security broker, like Bitglass, to place restrictions on data movement in the cloud and reduce the risk of data leaks.
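The IAM, encryption and configuration-assessment points above come together in a policy review. The following is an added example, not code from the original article or from any vendor it names: a small linter that reads an AWS-style JSON policy document and flags the weak settings just discussed (a wildcard principal that makes a bucket public, wildcard actions or resources that exceed least privilege, and the absence of Deny statements enforcing TLS in transit and server-side encryption at rest). The two sample policies are constructed for illustration; the account id, role name and bucket name in them are placeholders. The condition keys `aws:SecureTransport` and `s3:x-amz-server-side-encryption` are real AWS condition keys, but the policy format is the only assumption the checker makes.

```python
"""Linter for cloud storage / IAM policy documents (added example, not from the article).
Assumes AWS-style JSON policies; the two sample policies below are constructed."""
import json

# Constructed sample: a bucket policy with the kind of weak settings the
# article warns about (public read, unscoped admin grant, no TLS or
# encryption requirement). Account id, role and bucket are placeholders.
WEAK_BUCKET_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "AdminEverything", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/app"},
         "Action": "*", "Resource": "*"},
    ],
})

# Constructed sample: the hardened form. One named role gets two scoped
# actions; explicit Deny statements enforce TLS and server-side encryption.
HARDENED_BUCKET_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AppReadWrite", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/app"},
         "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*",
         "Resource": ["arn:aws:s3:::example-bucket",
                      "arn:aws:s3:::example-bucket/*"],
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
        {"Sid": "DenyUnencryptedUploads", "Effect": "Deny", "Principal": "*",
         "Action": "s3:PutObject",
         "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"Null": {"s3:x-amz-server-side-encryption": "true"}}},
    ],
})


def _as_list(value):
    """Policy fields may be a string or a list; normalize to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principals(stmt):
    """Flatten Principal, which may be "*", {"AWS": "..."} or {"AWS": [...]}."""
    principal = stmt.get("Principal")
    if isinstance(principal, dict):
        return [p for values in principal.values() for p in _as_list(values)]
    return _as_list(principal)


def _condition(stmt, operator, key):
    """Return the value of Condition[operator][key], or None if absent."""
    return stmt.get("Condition", {}).get(operator, {}).get(key)


def find_weaknesses(policy_json):
    """Return a sorted list of (sid, issue) findings for one policy document."""
    findings = []
    denies_plaintext = denies_unencrypted = False
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        sid = stmt.get("Sid", "<no sid>")
        actions = _as_list(stmt.get("Action"))
        if stmt.get("Effect") == "Allow":
            # Allow to every principal makes the resource effectively public.
            if "*" in _principals(stmt):
                findings.append((sid, "wildcard principal: resource is publicly accessible"))
            # "*" or "service:*" grants far more than least privilege needs.
            if any(a == "*" or a.endswith(":*") for a in actions):
                findings.append((sid, "wildcard action: grants more than least privilege"))
            if "*" in _as_list(stmt.get("Resource")):
                findings.append((sid, "wildcard resource: grant is not scoped to specific data"))
        elif stmt.get("Effect") == "Deny":
            # aws:SecureTransport is false only for plaintext (non-TLS) requests.
            if _condition(stmt, "Bool", "aws:SecureTransport") == "false":
                denies_plaintext = True
            # Null == "true" matches uploads that omit the encryption header.
            if _condition(stmt, "Null", "s3:x-amz-server-side-encryption") == "true":
                denies_unencrypted = True
    if not denies_plaintext:
        findings.append(("<policy>", "no Deny for requests over plaintext (non-TLS) transport"))
    if not denies_unencrypted:
        findings.append(("<policy>", "no Deny for uploads without server-side encryption"))
    return sorted(findings)


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_BUCKET_POLICY), ("hardened", HARDENED_BUCKET_POLICY)):
        print(f"{name}: {len(find_weaknesses(policy))} finding(s)")
        for sid, issue in find_weaknesses(policy):
            print(f"  [{sid}] {issue}")
```

Run against the weak policy the checker reports five findings (the public-read statement, the two unscoped grants in the admin statement, and the two missing Deny controls); the hardened policy produces none. The Deny statements in the hardened form carry `Principal: "*"` deliberately, which is why the wildcard-principal check only fires on Allow statements: a blanket Deny narrows access, it does not widen it. A review like this is a complement to the vendor's recommended-configuration checks, not a replacement, since it only sees what is in the policy document and not the account's other settings.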
• Employees are always the biggest security risk, both to data on premises and in the cloud. Make sure you offer appropriate training and implement effective monitoring to ensure employees don’t allow a breach to happen.