
Cloud Security Statistic

Last year, Gartner predicted that, by 2020, 95 percent of all cloud security failures will be caused by user error. This means that organizations, rather than service providers, are much more likely to be responsible for issues, and therefore need to be extra diligent when it comes to securing and configuring environments.

Fortunately, there are ways to avoid becoming another statistic. By following the advice below, you’ll be able to minimize cloud security risks:

Put Your Trust in the Cloud


Not long ago, many people questioned how they would be able to trust such an enigmatic entity. How were enterprise organizations who kept their data privately secured on-premises supposed to rely on cloud providers to keep their data secure and their applications safe?

Flash forward to present day: Organizations choose cloud platforms like AWS, Azure and Google Cloud Platform because they rarely face downtime and have a wealth of talented infrastructure engineers that develop and deploy best security practices.

One of the common misconceptions surrounding cloud platforms is that these platforms are solely responsible for customers’ security needs. Because of this misconception, many companies aren’t paying enough attention to how their employees use external applications, which can lead to employees inadvertently sharing sensitive data with third parties, other employees, or the whole internet.

Regardless of how secure your cloud platform is, without the proper controls, user education and protocols in place, there is no way to guarantee that your data is safe from malicious actors.

Share Responsibility, Avoid Mistakes

Cloud security is based on a shared responsibility model: a framework that states cloud providers are responsible for the security of the cloud itself, while users are responsible for securing the data and applications in the cloud.

AWS, Azure and the Google Cloud Platform each have their own versions of the model, detailing what the platforms securely cover and what the customer needs to maintain itself. In order to make sure you’re upholding your end of the model, and adhering to cloud security best practices, it’s important to start with having visibility into your cloud environment. With complete visibility, you’ll be able to collect data that can be monitored and audited. Since you’ll have a baseline of what’s ‘normal’ in your environment, you’ll be alerted to potential threats to the system when any abnormalities occur.

With full visibility into your system, not only will you be able to see what’s going on in your environment, but your security team will also gain insights into their users, files, and system behavior. Continuous monitoring, and setting up alerts for abnormal behavior, helps you manage risk and keep your cloud environment safe. This is particularly important in heavily regulated industries as consistent monitoring is key to remaining compliant.

By participating in the shared responsibility model, your organization will be better equipped to understand what in the cloud is already secure and what your organization needs to maintain and monitor, and will be able to avoid blame by maintaining and monitoring areas that aren’t secured by your cloud provider. By understanding what exactly you’re responsible for when it comes to protecting your data, your organization will be better equipped to avoid (or fix) any user errors in the cloud that could open your environment up to malicious activity.

Use In-Platform Security Tools

To hold their side of the shared security model, cloud platform providers have enhanced built-in security capabilities. These may include web app firewalls, encryption both at rest and in transit, IAM tools, and more. A great example is AWS CloudTrail. It helps organizations pinpoint which accounts and users are accessing the platform by determining which IP address API calls are being made from, and when they occur. This platform-sourced data can be used to detect and respond to possible issues in security and can improve usage of the platform itself.
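The following is an added example, not code from the original article or from any vendor: it builds a per-user baseline of source IP addresses from CloudTrail-style records and flags later API calls from an address not seen before for that user. The records, account ID, user names and cutoff date are constructed for illustration; the field names (`eventTime`, `eventName`, `sourceIPAddress`, `userIdentity.arn`) follow CloudTrail's record layout.

```python
import ipaddress
import json
from collections import defaultdict

# Constructed records in CloudTrail's JSON layout (not real log data).
ARN = "arn:aws:iam::111122223333:user/"
SAMPLE = json.dumps({"Records": [
    {"eventTime": t, "eventName": e, "sourceIPAddress": ip,
     "userIdentity": {"type": "IAMUser", "arn": ARN + u}}
    for t, u, e, ip in [
        ("2018-06-01T09:00:00Z", "alice", "ListBuckets", "198.51.100.10"),
        ("2018-06-02T11:00:00Z", "bob", "DescribeInstances", "198.51.100.20"),
        ("2018-06-08T03:12:00Z", "alice", "CreateAccessKey", "203.0.113.77"),
        ("2018-06-08T03:14:00Z", "alice", "ListUsers", "203.0.113.77"),
        ("2018-06-08T09:05:00Z", "bob", "DescribeInstances", "198.51.100.20"),
        ("2018-06-08T09:30:00Z", "bob", "DescribeStacks", "cloudformation.amazonaws.com"),
        ("2018-06-08T10:00:00Z", "carol", "ListBuckets", "198.51.100.10"),
    ]]})

def is_ip(value):
    """False when sourceIPAddress holds an AWS service name instead of an IP."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def find_new_source_ips(log_text, cutoff):
    """Baseline = events before cutoff; alert on first use of a new IP after it."""
    # Same-format UTC ISO 8601 timestamps sort and compare correctly as strings.
    records = sorted(json.loads(log_text)["Records"], key=lambda r: r["eventTime"])
    known = defaultdict(set)   # principal ARN -> source IPs seen so far
    alerts = []
    for r in records:
        who, ip = r["userIdentity"].get("arn", "unknown"), r["sourceIPAddress"]
        if not is_ip(ip):
            continue           # call made by an AWS service, not a client address
        if r["eventTime"] < cutoff:
            known[who].add(ip)
        elif ip not in known[who]:
            alerts.append((r["eventTime"], who, ip, r["eventName"]))
            known[who].add(ip)  # alert once per new (principal, IP) pair
    return alerts

if __name__ == "__main__":
    for alert in find_new_source_ips(SAMPLE, "2018-06-07T00:00:00Z"):
        print("new source IP:", *alert)
```

A principal with no history in the baseline window (carol in the sample) is flagged on first sight, which is the behaviour you want for newly created credentials.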

Google Cloud Platform also offers a wide range of built-in security tools that range from secured service APIs and authenticated access to setting user and credential management at the project level. After you’ve picked a cloud provider, make sure to familiarize yourself with the security offerings they built into their platform as they’re usually quite extensive.

Configure Your Cloud Environment

There are ways for companies to ensure they are doing their part when it comes to securing data and applications inside the cloud platform. As it stands right now, 73% of companies have critical AWS misconfigurations that leave systems vulnerable to attacks on non-public consoles or resources. Running a configuration audit allows a company to analyze where potential holes and gaps in the system exist, so that it can limit exploitability and vulnerabilities.

It’s up to you to make sure that you are meeting the best practices laid out by providers and the Center for Internet Security. It’s true that Amazon, Google, and Azure offer guidelines about how to best configure your cloud environment, but they can’t do it for you.

See What’s Happening in Your Workloads

In addition to the tactics listed above, you’ll want to have complete visibility into your cloud environment. You’ll want to be able to monitor, audit, and be alerted on any real or potential threats to your cloud environment in real-time, especially if you’re in a highly regulated industry that stores sensitive information and workloads in the cloud.

This shift to complete visibility may require an internal reset (especially if you’re migrating from a legacy environment), but by focusing on your cloud’s workload you’ll be able to see exactly who is doing what to your organization’s files. That way you’ll be able to keep your sensitive information safe, and stop any potential mishaps before they spiral out of control.

Be more than a statistic

Although cloud customers may be responsible for 95% of security failures in the cloud, there are ways to keep your organization — and more importantly, your data — secure. Understanding the cloud platform and its uses, implementing the shared responsibility model, and enacting best cloud security practices are some ways your organization can limit security issues within the cloud, and avoid becoming a statistic.

By Chris Gervais

Chris Gervais, VP of Engineering. As Threat Stack's head of Engineering, Chris is passionate about building, not only a rock solid, high-performance product, but also a team of elite engineers, industry best processes and a culture that attracts the best talent. Prior to Threat Stack, Chris held senior positions at lifeIMAGE, Enservio, Partners Healthcare, Inc., Inflexxion, Inc. and VIS Corporation, where he was responsible for engineering, technical operations, and technology strategy for cloud platforms.
