3rd December 2020
4 Min read
Moving your organisation’s IT environment to cloud computing provides the benefits of productivity, flexibility and agility. Storing data in the cloud requires your business to understand and implement measures that protect and manage your information. A high volume of data, particularly sensitive data, in the cloud requires risk mitigation and appropriate security controls to prevent a data breach or loss from occurring.
It is important to put security measures in place to maintain control over your data and how to recover it should loss happen. A focused security strategy will secure your assets in the cloud and help you make the most of cloud computing. Your security strategy should ensure you can maintain business continuity, compliance and risk management.
You should identify and evaluate the risks associated with using cloud computing and how it impacts your IT environment. Your focus should always be on keeping your data secure. Security should be embedded in the development and migration process when configuring a new cloud environment. Developing strong security measures that work in tandem with your systems will ensure your protection is a benefit, not a burden to your organisation.
There are many security risks to cloud computing that you must be aware of to ensure you secure your data in the cloud successfully. You should understand what the risks are, how they occur and how to overcome them. The most common risks to be aware of are:
1. Conduct cloud security testing
Cloud security testing identifies weaknesses in the design and configuration of your resources, services and object policies that may enable untrusted parties to access your sensitive information. Security testing is essential to ensure that configurations enabled by the cloud platform are applied in best practice.
Sentrium can support your cloud security testing requirements. Our cloud-based testing solutions offer assurance for your organisation to ensure that your data in the cloud is protected. Our experts can provide cloud security services with frequent audits as well as one-time assessments.
2. Encrypt your data
Encryption is a significant line of defence against malicious actors who want to gain access to your sensitive data. It is important to make sure that data is secured at rest (such as in a database) and during transit (for example, when a file is downloaded).
Cloud platforms provide many features that support encryption, however it is common for default settings to be less secure than recommended.It is important to review encryption settings across all of your cloud resources to ensure they are enabled and appropriately configured.
3. Create strong passwords
Strong passwords may seem a basic way to secure your data but it is an essential step. You should create strong passwords for every account you own, especially on sensitive files and data, as well as every device used for work purposes.
The NCSC has created password guidance for organisations looking to create and implement strong passwords to secure data. You should avoid using predictable passwords that may be associated with your business, switch on password protection, use two-factor authentication and change all default passwords.
4. Implement two-factor authentication (2FA)
Two-factor authentication should be used on your cloud accounts to protect your sensitive data. Two factor-authentication ensures that anyone who must sign in to your accounts is required to provide an extra level of authentication in addition to a password to gain access.
Malicious actors who may have discovered your password will need to provide the second identifier to access any data. This second factor of authentication could be a code sent to your phone, PIN number from a mobile app or physical security key that only authorised users will have. Not all accounts will automatically ask you to set up a second factor of authentication, however most cloud providers allow you to configure policies that require users to add this control.
5. Log and monitor cloud activity
Storing a significant amount of data and information in the cloud demands full visibility of your environment. All major cloud providers have services relating to the collection of logs from cloud resources that enable you to monitor all cloud activity. You can configure alerts to get notified when security events occur to make you aware of potentially malicious activity.
These services enable you to customise your logging and monitoring dashboards to help you identify when issues emerge such as an anomaly or pattern that may require your attention. You can use these tools to investigate your cloud environment and remediate threats in a timely manner before they impact your data.
Securing your data in cloud computing can be achieved by ensuring you follow the steps above. Cloud security testing will identify vulnerabilities and ensure you can apply configurations appropriately to protect your data. By identifying and evaluating the risks involved in cloud computing, you can maintain a strong security posture that adequately mitigates risks and secures your data in the cloud environment.
OWASP Top 10 2021 Released
The Open Web Application Security Project (OWASP) is a not-for-profit organisation that aims, through community-led open-source projects, to improve the security of web-based software. OWASP…
What is penetration testing and why is it important to use a CREST-approved provider?
Trusting the effectiveness of your IT security controls is crucial to mitigate risks and malicious access to your systems and the information they store. Penetration…
How secure use of the cloud can digitally transform your business
Companies that move towards digital transformation can innovate more quickly, scale efficiently and reduce risk by implementing cloud security best practices. Businesses must keep up…
How to prepare your business for secure cloud migration
The cloud holds a lot of potential for organisations. Moving your IT environment to a secure cloud provides flexibility and agility. It allows your team…
Celebrating Sentrium’s contribution to cyber security
2020 is the year that remote working exploded. Businesses and the general public had to quickly adapt to new ways of working caused by the…
What is CREST and what are the benefits of using a CREST accredited company?
We’re delighted to announce that Sentrium Security is now a CREST accredited company! This is an exciting achievement for us and it’s great to be…
Application Security 101 – HTTP headers
1. Strict-Transport-Security The HTTP Strict Transport Security (HSTS) header forces browsers and other agents to interact with web servers over the encrypted HTTPS protocol, which…
New Exchange RCE vulnerability actively exploited
Exchange admins now have another exploit to deal with despite still reeling from a number of high profile attacks this year including ProxyLogon and ProxyShell.…
How effective is secure code review for discovering vulnerabilities?
We’ve recently discussed application security and the trend we’re seeing in which companies are increasingly implementing security early on in the Software Development Life Cycle…
Application Security (AppSec)
There is a movement in the IT security world that is gaining traction, and it is based around the implementation of security within applications from…
Enhancing Security in your Software Development LifeCycle – Dealing with Dependencies
The adoption of agile practices has resulted in the emergence of shift-lift testing, where testing is performed much earlier in the Software Development LifeCycle (SDLC).…