Security in the Cloud
When you hear the word security today, it’s what everyone talks about when a breach occurs. Security in the cloud is more relevant as most enterprises are moving their data into the cloud. Organizations will have to think about protecting their customer data in the cloud, as they do not have control over where their data is stored. If data is not properly planned and relevant policies and controls are not put in place, their data will be exposed. Continue reading as I uncover the steps that you need to consider when moving your data to the cloud.
Four major things to consider when it comes to security in the cloud are:
Ask yourself the following questions when you consider moving your data to the cloud.
- Is my data regulated?
Before moving your data to the cloud, the first question to ask yourself is whether the data being moved is regulated within the organization. Is there a need for it to meet certain compliance standards? Every cloud provider will let an organization know where their data is being stored. There are clouds that are dedicated to Federal data which meet compliance standards of federal data protection standards and then there are public clouds that are available for everyone to use. With so many offerings from a wide variety of cloud offerings, it’s important to analyze your data and choose the right cloud offering that meets your compliance requirements. This will ensure that your data adheres to enterprise standards to meet regulatory compliance.
- Do I have controls placed on my data?
As enterprises move their data to the cloud, proper data controls need to be in place to prevent insider attacks. Once data is in the cloud, a system administrator can have seamless access to sensitive data. This gives them the potential to become a malicious actor if there are no controls put in place. There are several cloud access security brokers (CASB) available that check the access of your data within an enterprise. Does your enterprise have visibility of the access of your data? If not, it’s time that you think about putting some controls in place to restrict access to sensitive data.
- Can I detect threats on my data?
As more and more enterprises push their data to the cloud, it is important to detect threats on your data. This relates to my second point where you put controls in place on your data. Alerts need to be sent when sensitive data is being accessed without proper approvals or in case of a breach. Cloud providers offer security at the network, platform and infrastructure level. However, the data is something that needs to be constantly monitored and alerts provided when there is a threat due to an insider attack or due to a breach. This allows enterprises to react quickly and prevent damage.
- Can I remediate a threat from happening?
The last thing that you will need to consider when moving your data to the cloud is to put remediation steps in place to prevent threats. Do I have the capability to remediate a threat or prevent a threat from happening? This relates to keeping your controls updated and constantly monitoring them so you can prevent a threat or react quickly to a threat so that it can be quickly remediated from any further damage to your data.
Security needs to be monitored 24x7x365 and protection of data is key to enterprise success, especially when your customers rely on the services you are providing them.
This is the first topic in a series of security topics that I will be blogging about. I look forward to your comments and providing my view of the security landscape throughout the year.
The following thoughts, intentions, strategies and/or solutions are those of the blog authors and do not represent the position of anyone other than the authors.