For a long time, “the public cloud” was a foreign concept that many businesses shied away from because of security concerns. In recent years, this has steadily changed. Many reliable and trustworthy third-party cloud vendors have entered the market and, with this competition, the market has matured.
While the cloud is far more accepted today, with increasing numbers of organizations contracting with vendors for cloud services, this doesn’t mean people can ignore security concerns. Vendors invest heavily in security, but customers need to do their part as well. Rest assured, bad actors will continue to exploit any opening they can find. Any steps taken to mitigate their efforts will go a long way towards protecting sensitive and proprietary data.
Projections by Gartner suggest that, through 2025, 90% of the organizations that neglect to control public cloud use will share sensitive data inappropriately. Here are six ways to stay secure in the cloud.
1. Understand vendor and customer responsibilities
Cloud providers have specific responsibilities, but customers also have their share of responsibility. Understand where the vendor’s responsibility ends and where yours begins. This will vary depending on the specific vendor or type of services chosen. Carefully read over the contract, understand the language used, and take note of your security responsibilities so proper steps can be taken in day-to-day operations.
2. Keep configurations up-to-date
It is critical that administrators use identity and access management tools as they were designed to be used:
- Remove old accounts from the system.
- Limit access for users to a need-to-know basis.
- Eliminate broad access for all users and assign specific permissions.
- Utilize multi-factor authentication (MFA).
- Require users to create strong passwords.
Cloud providers offer security tools for a reason; be sure to use them. When tools are deployed as designed, many accidental – or even intentional – breaches can easily be avoided.
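One way to turn the checklist above into a repeatable audit, as an added example that is not part of the original article. The inventory, field names, permission strings and thresholds (90 days, 12 characters) are constructed assumptions, not any provider's API.

```python
from datetime import date

# Constructed, provider-neutral inventory for illustration; the field
# names and permission strings are hypothetical, not a real IAM export.
ACCOUNTS = [
    {"user": "alice", "last_login": date(2024, 5, 28), "mfa": True,
     "permissions": ["storage:read:reports"]},
    {"user": "bob", "last_login": date(2023, 9, 1), "mfa": True,
     "permissions": ["storage:read:reports"]},
    {"user": "carol", "last_login": date(2024, 5, 30), "mfa": False,
     "permissions": ["*"]},
    {"user": "old-contractor", "last_login": None, "mfa": False,
     "permissions": ["storage:*"]},
]
PASSWORD_POLICY = {"min_length": 8, "require_mixed_classes": True}

STALE_AFTER_DAYS = 90     # assumed threshold for an "old" account
MIN_PASSWORD_LENGTH = 12  # assumed organizational minimum


def audit_account(acct, today):
    """Return the checklist findings for one account, in checklist order."""
    findings = []
    last = acct["last_login"]
    if last is None or (today - last).days > STALE_AFTER_DAYS:
        findings.append("stale-account")
    if not acct["mfa"]:
        findings.append("no-mfa")
    # A wildcard in any permission segment is broader than a specific need.
    if any("*" in perm.split(":") for perm in acct["permissions"]):
        findings.append("broad-access")
    return findings


def audit(accounts, policy, today):
    """Map each non-compliant user (and the password policy) to findings."""
    report = {}
    for acct in accounts:
        findings = audit_account(acct, today)
        if findings:
            report[acct["user"]] = findings
    weak = policy["min_length"] < MIN_PASSWORD_LENGTH
    if weak or not policy["require_mixed_classes"]:
        report["<password-policy>"] = ["weak-password-policy"]
    return report


if __name__ == "__main__":
    for who, found in audit(ACCOUNTS, PASSWORD_POLICY, date(2024, 6, 1)).items():
        print(f"{who}: {', '.join(found)}")
```

Running the same audit on a schedule and comparing reports between runs also surfaces accounts whose access has drifted since the last review.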
3. Avoid security misconfigurations
One of the first vulnerabilities cybercriminals seek out is cloud misconfiguration. Administrators within an organization should routinely check their configurations to ensure they are set as intended. Look over access restrictions, access logs, and data protection settings, and audit them to ensure they haven’t been changed and that resources haven’t inadvertently been left exposed.
4. Inventory information stored in the cloud
Data is a valuable asset. Many organizations collect excess data because of the potential opportunities it may present in the future and, as a result, it gets stored and then forgotten about. A good practice is to take regular inventory of data and determine who has access to it.
- Remove unnecessary data that there is no legitimate need to keep, to reduce the risk of exposure.
- Apply security controls to the data that does need to be kept.
- Encrypt data that does need to be kept but is not routinely accessed.
Not all data needs to be kept, nor should it be. It’s difficult to safeguard data if it’s fallen off the radar.
5. Train and educate users
Creating a culture rooted in strong security practices goes a long way towards eliminating risks. Many breaches are unintentionally caused by people. Users who are educated about security risks can better understand security measures to prevent data exposure or loss.
Provide training and written guidelines on any “do’s and don’ts” associated with cloud use and security. This should not be a one-and-done task; it should be revisited often, as cloud providers consistently add and change features in their services. Be sure to keep everyone up to date on any changes, risks (including social engineering, such as, but not limited to, a former employee or a cybercriminal posing as a vendor employee), or other pertinent factors relating to security.
6. Eliminate complexities
Many organizations use a combination of storage solutions and may even simultaneously use several cloud solutions. Reduce these complexities by streamlining the services used. Managing multiple sets of configurations gets convoluted and, in the process, important security steps often get missed. By simplifying infrastructure as much as possible, potential risks can be reduced.
The remote work model has been steadily growing in recent years, but in 2020 it grew exponentially, and it is projected that this model will continue into the future. Use of the public cloud is here to stay and, due to the need for remote access, will continue to grow. Organizations that understand their share of security responsibilities can better avoid becoming tomorrow’s headlines reporting the latest data breach.