Pillar 1: Identity and Access Management (IAM) policies and authentication controls
When granting privileges to assets and APIs that are necessary for a group or role to carry out tasks, do so minimally to mitigate potential disruptions that result from errors or breaches. Don’t forget to enforce strong password policies, session/permission time-outs, etc.
Pillar 2: Enforce Zero Trust network security and maintain least privilege access
When deploying your apps and essential business resources, make sure to do so in logically isolated sections of your provider’s network.
For AWS and Google, you would go with Virtual private Clouds. For Microsoft Azure, you would use vNet. You should also utilize subnets as a way of micro-segmenting your workloads and employ granular security protocols at their gateways for more secure communication.
Pillar 3: Enforce virtual server protection protocols
When considering a vendor for your company’s cloud security, be sure that they provide a robust option for Cloud Security Posture Management. Their option should consistently apply governance and compliance rules and regulations, as well as templates to help with virtual server provisioning, configuration audits, and automated remediation.
Pillar 4: Utilize a next-generation web application firewall
Next-generation web application firewalls are essentially for properly monitoring and validating inbound and outbound traffic from your cloud servers. Whichever firewall you decide to go with should come with automated updates.
Pillar 5: Utilize enhanced data protection
All transport layers, file shares, and communications should be encrypted where possible. Make it a point to continually monitor compliance risks and maintain good data storage hygiene so that it doesn’t become a pain to locate critical files when you need them.
Pillar 6: Real-time threat intelligence
When your cloud systems encounter a threat, time is of the essence. Look for solid cloud security vendors that offer all the tools you need to visualize and understand the threat landscape and isolate any attacks.
Any alerts and intrusions should come in real-time so that you can respond to threats as quickly as possible—some of the best cloud security tools will even have automated remediation workflows that begin dealing with issues before you’ve even become aware of them.
Considerations when seeking cloud security solutions
Choosing to move to the cloud is not an easy decision for most companies. You’ll no doubt find yourself asking your IT team/MSP questions such as: Who’s going to be using the cloud data and exactly what data will be stored there? Who will be assigned which permissions? Who will we share our data with? How will our solution fit into all this?
Those are all good and important questions to ask, but to help guide you during your search for your ideal cloud security solutions, keep your eye out for options that can handle:
- Collaboration controls — should help you manage collaboration controls to add, remove, revoke, or downgrade user permissions.
- Data classification — should be able to classify data at multiple levels (i.e., regulated, sensitive, public, etc.).
- Data Loss Prevention (DLP) — should actively monitors suspicious activity.
- Malicious behavior identification — should identify accounts that have been compromised and detect insider threats with user behavior analytics (UBA).
- Encryption — unwanted eyes shouldn’t be able to read or understand the data.
- User access control — the right users can access critical cloud data and apps. Using a Cloud Access Security Broker (CASB) helps.
- Device access control — qualified devices should be allowed to access your cloud data but not give access to unknown devices requesting access.
- Malware prevention — application whitelisting, machine learning-based malware detection, and file-scanning should be implemented. It should also monitor incoming and outgoing network traffic for suspicious activity.
- Compliance Assessments — should review your databases and systems for PCI, HIPAA, Sarbanes-Oxley, and other regulatory requirements.
- Risk assessment — it’s easier to focus on problematic factors when your security solution can conduct risk assessments.
With the increasing amount of companies migrating to the cloud, it’s more important than ever to ensure your company’s private data is secure. To achieve solid cloud security, companies must evaluate their cloud security options and be deliberate in their choice, before they become another victim of cybercrime.
When should you assess your business’s data and systems security?
Even the best security systems should be monitored to make sure they’re functioning properly. We recommend an assessment of your data and systems every 6 months to a year. These assessments can take a serious amount of time and effort, especially for larger companies dealing with lots of data. Luckily, Commprise can relieve you of that burden with our Managed Security Services.
