GUEST ESSAY: 6 best practices that will help protect your company’s digital assets in the cloud

By Mike James

More businesses than ever before are choosing to move their IT infrastructure and systems to cloud solutions such as Amazon Web Services and Microsoft Azure. There are many reasons to choose a cloud solution including increased flexibility and scalability, as well as reduced cost. In fact, a recent study of nearly 200 businesses and entrepreneurs found that 76% are looking to cloud solutions in order to increase the efficiency of their business.



But some organizations make the mistake of assuming that storing data in the cloud makes it automatically safe and secure. The truth is that public and private cloud networks are just as vulnerable to attack by cyber criminals as on-premise environments, so to ensure the safety of your data, it is essential that you put appropriate controls in place to protect data wherever it resides. Here are six best practices:

• Monitor your cloud networks. It is important to achieve visibility of activity in your cloud networks, as this can help you to monitor and identify malicious activity before it becomes a problem. If you don’t have the sort of technical expertise in-house to make this possible, managed detection and response services can provide you with the manpower, tools and threat intelligence to monitor your networks 24/7 and swiftly respond to attacks.

• Make sure networks and applications are configured correctly. Regularly examining and assessing cloud infrastructure to ensure that networks and applications are securely configured is another important step. It is unfortunately the case that a large percentage of security breaches against cloud platforms are due to basic security negligence. Vulnerability scanning and penetration testing can help to identify weaknesses and areas where networks have not been configured correctly. Exposures can then be addressed and rectified before they are exploited by criminals.

• Limit access. One of the major advantages of storing data in the cloud is that you and your staff have the ability to access information anywhere and at any time – but this does come with its own risks. Staff and clients who have access to your networks should only ever have access to the data that they need to perform their job; custom permissions should always be set according to the role of individuals. Closely managing access permissions has a twofold benefit: it limits the scope of an attack where an individual’s login credentials have been compromised and also helps to minimise the risk of insider attacks.

• Take password security seriously. Despite the fact that we all use passwords to access personal accounts every day, weak passwords are still a major cause of business data breaches. It is important, then, not to assume staff will be using strong passwords as a force of habit – a strong password policy needs to be enforced to ensure that employees use complex passwords that use a combination of unique characters, numbers, and upper and lower-case letters.

Multi-factor authentication (MFA) can also be used to provide an additional layer of protection. This means that access to systems is only granted when a user can verify their identity with not only a password but a supporting piece of information that only the person should know or immediately have to hand, such as a temporary verification code sent to a mobile phone.


• Ensure you have comprehensive backups. Do not fall into the trap of assuming that data stored in the cloud is entirely secure and fully protected against data loss. Remember that the ‘cloud’ is just another server located somewhere else, and no system is infallible. It is best to have multiple backups, especially of business-critical data that is essential for day-to-day operations, on both cloud and on-premises servers.

• Encrypt your data. Finally, it is good practice to encrypt your data. This can be implemented as a fail-safe to ensure that even if your security measures fail to prevent a data breach, the data itself cannot be accessed.

About the essayist: Mike James is a Brighton, UK-based cybersecurity professional; his 15 years of IT experience include penetration testing and ethical hacking projects.

