A checklist for strengthening your cloud security posture – ET CISO
By Ravi Maguluri
According to IDC’s IT Spending Survey, May 2020, as a result of the spread of the pandemic, 64% of organizations in India are expected to increase demand for cloud computing, and 56% for cloud software, to support the new normal.
Cost savings, scalability, and flexibility have driven enterprises’ cloud adoption. However, in this cloud-aware era, cyber-attacks and data breaches can bring unprecedented challenges, causing the loss of millions of dollars to an organization if the cloud security posture is not strong. Amid these threats, establishing, maintaining, and testing a security system becomes essential if a company is to prevent or mitigate the impact of such threats.
How can a company strengthen its security posture on the cloud? The considerations and recommendations listed below can help a company maintain its security posture and be prepared to deal with security challenges.
Secure Foundation: Building a strong cloud security posture needs a robust cloud infrastructure built over an effective security framework. Standard frameworks defined by international regulatory associations such as NIST (National Institute of Standards and Technology) and CIS (Center for Internet Security) can be useful. If you have not already adopted one, start with one, and use its recommendations to build a strong defense system.
HIPAA compliance: An improper implementation would not only entail additional cost to the company but also pose security challenges. A cloud service provider who is HIPAA compliant can ensure proper implementation and cloud security.
Data Encryption: A simple step to enable data privacy on the cloud is to encrypt data before it is uploaded to the cloud and to provide only limited access to it, to ensure data protection.
Whitelisting controls: Companies often use third-party applications, in which case users in the organization may not be aware whether those outside the organization have access to their data. Whitelisting can help establish greater control over data so that only trusted applications with a higher level of protection are used.
System Containers: System containers can surround traditional systems, giving them greater depth in defense. A container makes cloud applications programmable. One can program automatic monitoring triggers that allow remote monitoring of network behavior and of internal usage of applications. Any unusual activity observed would trigger an immediate notification and a previously defined response.
Health Monitoring: A company should have a system that notifies it of security vulnerabilities so that proactive action can be taken to improve cloud security. A cloud monitoring system installed on the cloud infrastructure can detect problems in network security, compute, storage, and access controls and bring them to notice before any damage is done.
Prevent Social Engineering: Phishing and other social engineering tactics, like whaling, baiting, tailgating, pretexting and watering hole attacks, are often used by attackers to break into the system. These are seen as top threats for corporate systems by 65% of IT professionals today, as per TechBeacon. It may be difficult to prevent such attacks; nevertheless, employees can be trained so that they do not fall prey to such devious tactics.
Identity and Access Management: Everything depends upon who is given access to a company’s data and systems. A wrong person with access to critical systems can prove disastrous for any organization. Here are a few things that can help implement an effective IAM (Identity and Access Management) to prevent data and systems from falling into the wrong hands:
* Having a centralized interface to manage all third-party applications can ensure that only trusted third-party applications are implemented.
* Real-time analysis of risks can add triggers to alert an organization against the occurrence of an unusual event so that timely action can be taken.
* Using multistep authentication, in addition to creating strong passwords, can ensure that the break-in is not easy for a cyber attacker.
Advanced Threat Protection: It is imperative to have an intrusion detection system installed for uncovering endpoint threats. Companies can use threat intelligence gathered by prominent players who understand the techniques of attackers and provide a shield against common breaches. When faced with a breach, an advanced threat protection center takes an investigative path to discover the causes and upgrades systems for better responses to threats in the future.
Security Audits: Last, but not least, you can never be 100% confident that you have taken enough measures for protection. A security audit can help an organization understand system vulnerabilities that can be exploited. It can reveal users with access to systems, security threats faced by the organization, potential risks, and unpatched applications. Security auditing models define several conventions and testing methods that are often used for checking the cloud security posture, such as Provable Data Possession (PDP), Penetration Testing, and Remote Integrity Checking (RIC). PDP is a protocol that helps assess the probability of having a company file stored with a third party. Penetration testing of a security architecture can uncover issues that went undetected in earlier tests. RIC can help an auditor check the integrity of a file stored on the cloud.
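A simplified, MAC-based sketch of the spot-check idea behind PDP and RIC, added here as an illustration and not taken from the article or from any published PDP scheme: the owner tags each block before upload, and an auditor later challenges randomly chosen blocks. The block size, the function names and the `fetch` callback standing in for the cloud provider are assumptions.

```python
import hashlib
import hmac
import secrets

BLOCK_SIZE = 4096  # assumed block size for this sketch


def _tag(key: bytes, index: int, block: bytes) -> bytes:
    # Binding the index stops a provider answering with some other intact block.
    return hmac.new(key, index.to_bytes(8, "big") + block, hashlib.sha256).digest()


def tag_blocks(key: bytes, data: bytes) -> list:
    """Owner, before upload: split data into blocks and MAC each one with its index."""
    blocks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
    return [(block, _tag(key, i, block)) for i, block in enumerate(blocks)]


def audit(key: bytes, n_blocks: int, fetch, samples: int) -> bool:
    """Auditor: challenge random indices; fetch(i) returns the provider's (block, tag)."""
    picks = secrets.SystemRandom().sample(range(n_blocks), min(samples, n_blocks))
    for i in picks:
        block, tag = fetch(i)
        if not hmac.compare_digest(tag, _tag(key, i, block)):
            return False  # block missing, altered, or swapped
    return True


def detection_probability(n_blocks: int, damaged: int, samples: int) -> float:
    """Chance that sampling without replacement hits at least one damaged block."""
    miss = 1.0
    for j in range(min(samples, n_blocks)):
        miss *= max(n_blocks - damaged - j, 0) / (n_blocks - j)
    return 1.0 - miss


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    # Constructed sample: a random 100-block "file" held by the provider.
    stored = tag_blocks(key, secrets.token_bytes(100 * BLOCK_SIZE))
    stored[7] = (b"\x00" * BLOCK_SIZE, stored[7][1])  # simulate silent corruption
    print("audit passed:", audit(key, len(stored), stored.__getitem__, samples=20))
    print("chance 20 samples catch it:", detection_probability(100, 1, 20))
```

Published PDP schemes replace the per-block MACs with homomorphic tags so the provider returns a short proof instead of whole blocks; the sampling argument for detection probability is the same.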
While 0-day vulnerabilities, exploits, and data breaches will never cease to exist, organizations should opt for industry-best security practices to create a robust cloud security posture that is not easy to break into.
(The author is Chief Technology Officer, Cloud business, Sify Technologies)