If dodgy data activity is rattling your confidence in migrating your business to the cloud, you’re not alone. Data breaches are now headlining newsfeeds on a regular basis. The sheer volume of the world’s daily data collection is also spiking security concerns, making the business of protecting it all the more complex. As a leading software development and cloud enablement company, we understand that an organisation’s cloud solution will always be a moving target. No one is immune to the vulnerabilities involved in storing data in the cloud.
Often an afterthought
“This is something that needs to be set up correctly from the very beginning and continuously monitored,” says Clayton York, a certified AWS Advanced Networking Specialist, cloud engineer and part of the managed cloud services team at BBD.
“It is advisable to adhere to the five key pillars at the start of any cloud migration plan, one of which involves security measures.” The other pillars of a well-architected framework that must be taken into consideration are operational excellence, reliability, performance efficiency, and cost optimisation.
The design principles which incorporate these security measures should include tools which can be applied throughout the different layers to provide you with end-to-end protection. This can be achieved by implementing automated security practices and preventative components to guard against potential threats.
Seriously, think security
Customers, revenue or overall reputation – the very things any business fears becoming compromised or losing altogether are the same reasons why a security strategy must be clearly defined from the beginning.
But it’s not only loss of data; the last thing any organisation wants is an exorbitant bill. With the massive scalability of the cloud at their fingertips, coupled with malicious intent, hackers can quickly ramp up your costs if your cloud environment is not as secure as you think it is.
“Not all breaches will take you by complete surprise either. Many tricks in a hacker’s toolbox can be planned for and that’s why having the correct security measures in place helps to avoid such a bill, or the loss or theft of sensitive data,” explains York.
Assuming that security will be handled entirely by the cloud provider is incorrect. York explains that security is a shared responsibility between the provider and the customer, which is why selecting the right cloud partner for you is an essential stepping-stone in achieving a secure journey to the cloud.
Simply put, it’s not worth cutting corners at any stage of a migration to the cloud. Credible cloud providers have the best quality infrastructures, highly skilled resources and the professional software in place that’s needed in order to achieve resilience. York explains that at BBD, this is what the client is ultimately paying for when it comes to implementing a top-notch security solution in the cloud.
York advises that in order to protect yourself against vulnerabilities, always do your research and follow the best practices recommended by your cloud provider during the initial planning phase of your migration strategy. Use the cloud management security tools as they give you an overall indication of the status of your environment and outline potential weaknesses.
• Ensure that your user accounts are configured with least-privilege access
• Enforce Multi-Factor Authentication on all admin cloud management accounts
• Preserve the integrity of your data by enforcing stringent encryption of all data in transit as well as all sensitive data at rest
• Opt for a custom cloud solution which meets your requirements, as hosting your data in the cloud does not automatically make it secure and resilient
• Back up your critical data
• You’re putting your data at risk if you are accessing your cloud instances directly over the public internet without some form of second-level protection like a bastion or VPN
• Ensure you have set up alert monitoring and notifications for any security changes and irregular behaviour in your access logs
A prevention-rather-than-cure approach is key to preventing any data or workflow exposure. Human misconfiguration issues are the biggest cause of information leaks. York suggests implementing security processes which enforce a tight lock-down on user access rights as well as audit trails to track user access in relation to resources.
• Ensure your management portal credentials and application programming interface (API) are kept away from prying eyes – API security is often overlooked
• Keep all credentials stored in a secure central location on an encrypted storage medium
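As an added illustration (not from BBD or the original article), the sketch below checks three of the checklist items above (least privilege, MFA on admin access, and no admin ports exposed directly to the public internet) against configuration exports. It assumes AWS-style IAM policy and security-group JSON, and that the policies audited belong to admin accounts; the sample policies, bucket name and rules are constructed.

```python
import json

# Constructed sample inputs (not from the article), shaped like AWS IAM policy
# documents and EC2 security-group ingress rules; AWS is an assumption here.
ADMIN_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]
}""")
HARDENED_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "Action": ["s3:GetObject"],
                 "Resource": "arn:aws:s3:::example-bucket/*",
                 "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}}]
}""")
INGRESS = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "10.0.1.5/32"}]},
]

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit_policy(policy):
    """Flag Allow statements with wildcard actions or without an MFA condition."""
    findings = []
    for i, st in enumerate(as_list(policy.get("Statement", []))):
        if st.get("Effect") != "Allow":
            continue
        actions = as_list(st.get("Action", []))
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append(f"statement {i}: wildcard action (not least privilege)")
        mfa = st.get("Condition", {}).get("Bool", {}).get("aws:MultiFactorAuthPresent")
        if str(mfa).lower() != "true":
            findings.append(f"statement {i}: no MFA condition")
    return findings

def audit_ingress(rules, admin_ports=(22, 3389)):
    """Flag SSH/RDP ports reachable from any address (no bastion or VPN in front)."""
    findings = []
    for r in rules:
        open_world = any(c.get("CidrIp") == "0.0.0.0/0" for c in r.get("IpRanges", []))
        lo, hi = r.get("FromPort", 0), r.get("ToPort", 65535)  # absent = all ports
        hit = [p for p in admin_ports if lo <= p <= hi]
        if open_world and hit:
            findings.append(f"admin port(s) {hit} open to the internet")
    return findings

if __name__ == "__main__":
    print(audit_policy(ADMIN_POLICY) + audit_ingress(INGRESS))
```

Run on a schedule against exported configuration, a check like this feeds the alerting item in the checklist: any new finding is a security change worth a notification.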
Understanding cloud vs on-prem
On-premise solutions differ from cloud in that a business’ internal teams are solely responsible for their own security. Everything from the infrastructure to the application is up to a business to manage on their own. Once a cloud migration has taken place, the responsibility shifts.
After migration, the cloud provider becomes responsible for protecting the underlying infrastructure, which comprises the hardware, software and networking that run the cloud services. The customer has access to the cloud services and is responsible for configuring them to reach the desired level of security.
“A well-established business with a substantial workload in local datacentres usually requires a lengthy transition period to complete the cloud migration,” explains York. During this period the business would be running in a hybrid scenario which, from a security perspective, can easily become uncontrolled and expose new vulnerabilities if not managed correctly.
To protect against vulnerabilities, and dodge any potential disasters, a security strategy not only needs to be well architected; it must also be adaptable. A “patch the holes before they’re made” approach helps to anticipate breaches. Preventative measures offer the added bonus of being able to detect any early breaches that occur, and tighten the screws.