Cloud security (and security in general) has become a hot topic, especially at a time when personal data has become sacred and privacy regulations around the world have become tighter than ever.
Companies are at constant risk of being breached, and should they become the target of a cyberattack on their intellectual property and other sensitive data, they stand to lose reputation and customers. No one is spared: from financial and governmental institutions to healthcare providers and password managers, any asset has become a target.
Adjusting security for the cloud
“As more and more companies start migrating their workloads to the cloud, either entirely or only specific pieces of applications, security practices that may have made sense on premises may need to be adapted to aid you in this new environment,” explains Stephan Pieterse, BBD platform engineer and cloud security expert. When data is stored in the cloud, it is vulnerable to a wide range of security threats, including hacking, data breaches and other cyberattacks.
Cloud security is critical for maintaining business continuity. A cloud outage or security breach can disrupt operations and result in lost productivity, revenue, and other negative consequences. By implementing strong security measures, businesses can reduce the risk of downtime and ensure that their systems and data remain accessible and secure.
BBD’s guiding principles
As a cloud enablement expert, BBD aligns with best security practices during the planning, development and deployment of any software. We have experience not only in migrating and designing cloud workloads, but also in making sure that these workloads follow the best practices laid out by the specific cloud provider, as well as any regional or local compliance requirements. BBD’s understanding of various sectors and their regulations and compliance requirements offers added peace of mind to clients.
“In line with these regulations and frameworks, we follow key security principles that we aim to embed within our solutions to ensure we’re delivering a quality product,” adds Pieterse. These include:
1. Least privilege
Systems and users should have the access they need to fulfil their function – no more and no less. When designing systems, only authorised systems are given access to production data, and then only the bits that they need. Additional checks include insulating production and non-production environments from each other, from the data to the network.
2. Multi-factor authentication
Wherever possible, multi-factor authentication (MFA) should be used. While the cloud provides on-demand resources to run your business workloads, it also provides on-demand resources for actors that are cracking passwords. Having multiple layers for authentication is an excellent way to mitigate password-based attacks and help keep client data safe. BBD encourages the use of MFA for our clients as well as employees in the systems they use on a day-to-day basis.
3. Encryption
Data should be encrypted not only in transit (which has come to be expected from virtually every modern workload) but also at rest. This includes client data that is stored in various places in the cloud, as well as the devices that staff use to interact with client systems.
4. Secure Software Supply Chain
Modern software and platforms are complex beasts, and they regularly come with code that you didn’t write but need to trust. From simple libraries to full-fledged frameworks that you build your business logic in, there are many checkboxes you need to tick to minimise your risks. From automating package updates and security scanning during builds with third-party tools, to making sure that the version of software running today has not changed when it gets redeployed tomorrow, BBD can help you secure your pipelines.
Cloud-specific best practices
As an AWS Partner, BBD references the Well-Architected Framework, which includes security, for all migrations and new cloud solutions. “Security is not an afterthought, but rather one of the key pillars that our solutions need to stand on,” says Pieterse. “Not every workload or client is the same though, and we work with you to get your systems working efficiently and securely in your preferred cloud vendor, using their documented best practices as well.”