Phone : +91 95 8290 7788 | Email :

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » Vulnerabilities & Exploits » A checklist for strengthening your cloud security posture – ET CISO

A checklist for strengthening your cloud security posture – ET CISO

A checklist for strengthening your cloud security posture – ET CISO,imgsize-226474,width-1200,height=765,overlay-etciso/news/a-checklist-for-strengthening-your-cloud-security-posture.jpg

By Ravi Maguluri

According to IDC’s IT spending Survey, May 2020, as a result of the spread of the pandemic, 64% of the organizations in India are expected to increase demand for cloud computing while 56% for cloud software to support the new normal.

Cost savings, scalability, and flexibility have driven enterprises’ cloud adoption. However, in this cloud-aware era, cyber-attacks and data breaches can bring unprecedented challenges, causing the loss of millions of dollars to an organization if the cloud security posture is not strong. Amid these threats, establishing, maintaining, and testing a security system becomes essential, if a company has to prevent or mitigate the impacts of such threats.
How can a company strengthen its security posture on the cloud? A list of considerations and recommendations are given below that can help a company keep up the security posture and be prepared to deal with the security challenges.

Secure Foundation: Building a strong cloud security posture needs a robust cloud infrastructure built over an effective security framework. Standard frameworks defined by international regulatory associations such as NIST (National Institute of Standards and Technology) and CIS (Center for Internet Security) can be useful. If you have not already adopted one, start with it, and use their recommendations to build a strong defense system.

HIPAA compliance: An improper implementation would entail not only additional cost to the company but also pose security challenges. A cloud service provider who is HIPAA compliant can ensure proper implementation and cloud security.

Data Encryption: A simple step to enable data privacy on cloud is to build encryption before the data is uploaded on the cloud and provide limited access to it to ensure data protection.

Whitelisting controls: Companies often use third-party applications, in which case, the users in the organization may not be aware if those outside the organization have access to their data. Whitelisting can help establish greater control over data so that only trusted applications with a higher level of protection are used.

System Containers: System containers can surround traditional systems, giving them a greater depth in defense. A container makes cloud applications programmable. One can program automatic monitoring to trigger systems to allow remote monitoring of the network behavior and internal usage of applications. Any unusual activity observed would trigger an immediate notification and a previously defined response.
Health Monitoring: A company should have a system that notifies security vulnerabilities for proactive actions to improve cloud security. A cloud monitoring system installed on the cloud infrastructure, can detect problems in network security, compute, storage, and access controls to bring them to notice before any damage.

Prevent Social Engineering: Phishing and other social engineering tactics, like whaling, baiting, tailgating, pre-texting and watering hole, are often used by attackers to break into the system. These are seen as top threats for corporate systems by 65% IT professionals today, as per Teckbeacon. It may be difficult to prevent such attacks; nevertheless, employees can be trained to prevent them from falling prey to such devious tactics.
Identity and Access Management: Everything depends upon who is given access to a company’s data and systems. A wrong person with access to critical systems can prove disastrous for any organization. Here are a few things that can help implement an effective IAM (Identity and Access Management) to prevent data and systems from falling into the wrong hands:

* Having a centralized interface to manage all third-party applications can ensure that only trusted third-party applications are implemented.
* Real-time analysis of risks can add triggers to alert an organization against the occurrence of an unusual event so that timely action can be taken.
* Using multistep authentication, in addition to creating strong passwords, can ensure that the break-in is not easy for a cyber attacker.

Advanced Threat Protection: It is imperative to have an intrusion detection system installed for uncovering endpoint threats. Companies can use threat intelligence gathered by prominent players who understand the techniques of attackers and provide a shield against common breaches. When faced with a breach, an advanced threat protection center takes an investigative path to discover the causes and upgrades systems for better responses to threats in the future.

Security Audits: Last, but not least, you can never be 100% confident that you have taken enough measures for protection. A security audit can help an organization understand system vulnerabilities that can be exploited. It can reveal users with access to systems, security threats faced by the organization, potential risks, and unpatched applications. Several conventions and testing methods have been defined in security auditing models that are often used for checking the cloud security posture such as Provable Data Possession (PDP), Penetration Testing, and Remote Integrity Checking (RIC). PDP is a protocol that helps assess the probability of having a company file stored with a third party. A penetration testing of a security architecture can uncover the issues that went undetected in earlier tests. RIC can help an auditor check the integrity of a file stored on the cloud.

While 0-day vulnerabilities, exploits, and data-breaches would never cease to exist, organizations should opt for industry-best security practices to create a robust cloud security posture that is not easy to break-in.

(The author is Chief Technology Officer, Cloud business, Sify Technologies)

  • Published On Mar 9, 2021 at 08:53 AM IST

Join the community of 2M+ industry professionals

Subscribe to our newsletter to get latest insights & analysis.

Download ETCISO App

  • Get Realtime updates
  • Save your favourite articles

Scan to download App

Information Security - InfoSec - Cyber Security - Firewall Providers Company in India













What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.


Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.


Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 95 8290 7788 | Support Number : +91 94 8585 7788
Sales Email : | Support Email :

Register & Request Quote | Submit Support Ticket