On the tenth day of CloudMas Dataquest Group offered me…

December 16, 2020

Ten Cloud security considerations

Day ten and by now you should be recognising just what a great choice DataQuest Group is for your Cloud partner. We’ve highlighted all the good things we do and why our Cloud is better, but in this blog, we’re looking at the security issues you must consider when migrating to Cloud.

Whilst the headlines often concern ransomware attacks and data breaches, the emphasis is on the criminals and their anonymous nefarious activities, rather than the human errors that allowed them access to the secure systems they are targeting.

Cloud providers typically offer any degree of service management, from self-managed with the client in control of almost every aspect of the Cloud, to fully managed where the provider takes full responsibility for the deployment, operation and security of the Cloud.

Security issues addressed in our Cloud provision

Whether we are looking after every facet of your Cloud or you undertake the management yourself, these are ten security concerns we give every consideration when we create a Cloud tailored to your exact requirements.

Cloud security architecture – the responsibility for protecting data in the Cloud lies with the customer rather than the service provider. Security must reflect the objectives of the customer’s business, threat models should be kept up to date and continuous monitoring is essential.

Unsecured storage containers – can contain all sorts of confidential information and developers sometimes lose track of every one they have created, with cheap, almost limitless storage leading to an unwanted abundance, so it’s important to regularly check your domain.

Access management – you should conduct regular audits of the level of access granted to each employee using your cloud systems, removing unnecessary privileges. Create a rigorous access policy, utilise authentication tools and when people leave the business remove their access.

Multi-factor authentication – deploy the most secure authentication and identity verification tools available for your Cloud environment, which requires users to utilise a second device like a smartphone to log in to your systems, making your storage significantly more secure.

Separation of duties – adopting this model separates the tasks that can be performed within your Cloud preventing any one user assuming total control and requiring two people to execute potentially damaging activity like deleting files, which means a hacked account poses less risk.

Watch FTP protocol – if you work with or store sensitive data likely to be targeted by criminals, turn off those no longer needed, old-fashioned ports and reduce your attack risk. It’s pretty straightforward and we can work with you to make the changes.

Monitor remote access – you have a variety of ways to connect remotely to your Cloud and all of them including, RDP, SSH and web consoles can be compromised with the right credentials or unprotected ports, so it’s important to monitor network flows and secure them appropriately.

Manage secret information – keeping copies of your admin passwords, encryption keys and API keys anywhere other than in a robust and scalable secrets management tool ,made specifically for the job with only a limited number of people having access, makes no sense and should be stopped.

Logging again – Not reviewing your server logs regularly means not only missing the opportunity to troubleshoot application and infrastructure performance, but potentially compromising security, so turn on event logging for changes to account configuration, authentication failures, etc.

Server patching – if we’re looking after the servers, they will be patched when appropriate, but if you’ve opted for self-managed service, you must be vigilant. We will notify you when a significant update is required, but remember just how vulnerable to attack outdated servers are.

There are a lot more considerations, but this is a flavour of the attention we pay to ensure you not only get the perfect Cloud, but one that remains as secure as possible. Ten days of insights to detail the DataQuest difference, so you should know by now we can deliver what you want.

If you would like any further details to consider while you fill up on turkey and stuffing in the weeks ahead, please get in touch with our own leaping Cloud-lord, Chris Baker, on 07984 574609 or email [email protected]