Strengthen Your Cloud Security in 5 Steps

27 February 2020 by UKFast

Migrating your workloads to the cloud is a process filled with opportunity for business growth. However, whether your business flourishes in the cloud is not just down to what platform you choose or how much you spend, but how much attention you pay to your security.

With 90% of companies now reportedly ‘in the cloud’, threat actors have an unprecedented number of endpoints to sink their cyber-teeth into.

Studies show that nearly two thirds of organisations view security as their biggest cloud challenge. Bitglass’ 2019 Cloud Security Report states that ‘93 percent of respondents are at least moderately concerned about their ability to use the cloud securely, and that the adoption rates of basic cloud security tools and practices are still far too low’.

So, how can you make the most of cloud while ensuring your data is safe? Here are five steps to get you started.

1.      Audit your cloud security

Audits are a great place to start to assess your current security status. Whether you’ve got an in-house team of security professionals or enlist the help of external consultancies, regular audits of your cloud security are crucial. Not only does a comprehensive audit reduce the risks of falling victim to cyber-threats, it also helps you avoid downtime.

Typically, an audit employs a variety of methods to thoroughly test (inventory) your environment. This includes port scanning, internal network scans, vulnerability scans, patch updates, process checking and firewall reviews. Risk assessments of infrastructure also play a huge part in identifying high value targets, how they may be targeted and how best to protect them – not all components of your solution will need the same level of security.

2.      Secure configurations

In a 2020 Cloud Misconfigurations Report, researchers estimated that global cloud misconfiguration breaches cost companies upwards of $5 trillion over the last two years. Common configuration mistakes include:

  • ‘Secrets’ management: It’s essential to safeguard ‘secrets’ such as passwords, API keys, admin credentials and encryption keys to avoid data breaches and compromised networks.
  • Storage access: Many people misconfigure permissions for their storage and databases. This can expose storage objects and the data they hold to unintended users both internal and external to your organisation.
  • Log alerts and monitoring: If your cloud is configured to disable alerts which relate to logs and security events, you miss the opportunity to fix potential security flaws and review the data you store. Ensure all alerts are enabled to support your overall security strategy and assign someone within your team to monitor and respond to them.
  • Port access: Traffic to inbound, outbound and other ports must be restricted to limit risk of internal network scans, malware, data exfiltration and many other threats. Secure important ports and disable older, insecure protocols.

There is a wide variety of options when it comes to who sets up your cloud environment and how. Ensuring your cloud is securely configured from the start is therefore paramount and avoids further problems down the line.
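
The four misconfiguration classes listed above can be checked mechanically. The following is an added example, not part of the original article or any provider's tooling; the inventory schema, the `${vault:...}` reference syntax and the port lists are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed, provider-neutral inventory; this schema is hypothetical.
INVENTORY = {
    "buckets": [
        {"name": "public-site-assets", "acl": "public-read", "intended_public": True},
        {"name": "customer-exports", "acl": "public-read", "intended_public": False},
        {"name": "backups", "acl": "private", "intended_public": False},
    ],
    "firewall_rules": [
        {"name": "web", "port": 443, "source": "0.0.0.0/0"},
        {"name": "ssh-any", "port": 22, "source": "0.0.0.0/0"},
        {"name": "telnet-mgmt", "port": 23, "source": "10.0.0.0/8"},
    ],
    "alerting": {"security_events": False, "log_anomalies": True, "owner": None},
    "env_vars": {"APP_MODE": "prod", "DB_PASSWORD": "example-not-a-real-secret",
                 "API_KEY": "${vault:app/api_key}"},
}

ADMIN_PORTS = {22, 3389, 3306, 5432}   # should never be open to every address
INSECURE_PROTOCOL_PORTS = {21, 23}     # FTP and Telnet: older cleartext protocols
SECRET_NAME = re.compile(r"(PASSWORD|SECRET|API_KEY|TOKEN)", re.I)

def audit(inv):
    """Return (category, item) findings for the four misconfiguration classes."""
    findings = []
    for name, value in inv["env_vars"].items():
        # A literal value under a secret-like name means the secret sits in config
        # instead of being referenced from a secrets manager.
        if SECRET_NAME.search(name) and not value.startswith("${vault:"):
            findings.append(("secrets", name))
    for bucket in inv["buckets"]:
        if bucket["acl"] != "private" and not bucket["intended_public"]:
            findings.append(("storage", bucket["name"]))
    alerting = inv["alerting"]
    for key in ("security_events", "log_anomalies"):
        if not alerting[key]:
            findings.append(("alerts", key))
    if alerting["owner"] is None:      # nobody assigned to respond to alerts
        findings.append(("alerts", "no-owner"))
    for rule in inv["firewall_rules"]:
        open_to_all = ipaddress.ip_network(rule["source"]).prefixlen == 0
        if rule["port"] in INSECURE_PROTOCOL_PORTS or (
                open_to_all and rule["port"] in ADMIN_PORTS):
            findings.append(("ports", rule["name"]))
    return findings

if __name__ == "__main__":
    for category, item in audit(INVENTORY):
        print(f"{category:8} {item}")
```

Note that the intentionally public bucket and the public HTTPS rule are not flagged: the check separates exposure that is intended from exposure that is not, which is the distinction the storage and port items above turn on.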

3.      Ensure compliance

If your organisation operates in the cloud, your data will be stored and secured by your provider. However, ensuring your organisation is compliant with current data protection regulations, such as the GDPR, is your responsibility.

Achieving and maintaining compliance in the cloud should be discussed with your provider and written into your service level agreement (SLA). Questions to ask include:

  • Where will my data be physically stored?
  • How are servers, on which my data is stored, protected? Both virtually and physically?
  • Who can access my data and where from?
  • Who manages the infrastructure? The provider or customer?
  • How is my data segregated from other cloud users?
  • Request a responsibility matrix from the Service Provider to confirm who is responsible for what aspects of your solution.

It’s best to ensure compliance at every stage of your cloud journey. Seek the help of compliance experts if you are unsure, to avoid potential fines and data breaches as a result of non-compliance.

4.      Update and patch

Vulnerabilities are part and parcel of adopting any technology – and fixing these flaws is a core part of maintaining a strong cloud security defence.

Adopt robust policies for monitoring vulnerability announcements, installing patches and updating software. Otherwise, you’re an easy target for opportunistic hackers who target out of date and unpatched systems.

You should also discuss the responsibility of patching and updates with your cloud provider. For some managed services, your package includes taking care of all updates and patches within your cloud environment. For other solutions, only critical updates may be included, if any. Double check who takes care of these tasks to avoid a compromised network as a result of unattended vulnerabilities.

5.      Protect all endpoints

An endpoint describes any entry point into your network, e.g. laptops, tablets, your Wi-Fi router, your server. Each is a potential target for cybercriminals to infiltrate your network, with attack vectors such as malware, ransomware and web-layer attacks commonly used.

According to Bitglass’ 2019 Cloud Security Report, only 20% of companies have visibility over anomalous behaviour across their environment. But with IoT devices alone contributing 5.8 billion to the total number of enterprise network endpoints globally, this translates to potentially billions of unguarded network gateways.

Cloud-based endpoint detection and response (EDR) platforms improve and maintain your cybersecurity. Such platforms allow you to monitor and analyse events on different endpoints across your network, detecting and alerting you to potential cyber-threats and attacks. EDR solutions enhance overall network visibility and improve your business’ ability to prevent and respond to network threats both internal and external – such as unauthorised file changes and attempted login hacks.

Cloud security help from real experts

You’ve got an idea of how to get started with strengthening your cloud security. But gaining expert insight from real industry specialists is always useful – and even more so when it’s free!

Book your free place at Cloud Security Live, hosted in Manchester and London this July.

Jam-packed with talks, panel discussions and workshops from cybersecurity specialists – including former director at the National Cyber Security Centre John Noble – the event will cover a range of topics including data protection, patching, cloud payments and much more!

Discover what’s on at Cloud Security Live 2020.