13 Tips for Cloud Security

Protecting your mission-critical data and applications in the cloud can best be accomplished through a joint effort between your organization and your cloud services provider (CSP). These 13 tips can help.
1. Know Your Data
Classify the data you will be storing and/or processing in the cloud. How sensitive is it? Does it have value as intellectual property? Is it subject to privacy restrictions such as those specified by HIPAA or Safe Harbor, or to standards such as PCI DSS? Then, define the security controls that are appropriate to protect that information. Make sure that the CSP has the appropriate logical and physical controls, and that they are effective.
2. Monitor Data Usage
Create a transparent process that controls who can see the information you are storing and/or processing in the cloud, and then create a "self-destruct" policy for sensitive information that does not need to live indefinitely outside of the confines of your organization.
3. Set Trust Levels
Consider two-factor or multi-factor authentication for all information that needs to be restricted. In addition, consider a tier structure for your access policies based on the level of trust you have for each person who has access to your data. Using the correct permissions and the rule of "least privilege" are among the best protections against accidental or malicious exposure. This applies to your CSP too, as well as any companies that you may work with that could potentially have access to your data.
4. Beef up Authentication Techniques
Strengthen your risk-based authentication techniques and issue security tokens to employees. You'll also want to make sure your CSP employs identity access and authentication tools that are equal to or better than what you have in place. For added security, supplement authentication practices with safeguards such as device or IP tracking and behavioral profiling.
5. Log and Report
Put comprehensive logging and reporting in place. Logging is critical for incident response and forensics, and the reports and findings after the incident are going to depend heavily on your logging infrastructure. Also, coordinate with your CSP and make sure performance metrics for reporting and auditing are included in your service agreement.
6. Use Infrastructure Hardening
Make sure that your "golden image" virtual machines and VM templates are hardened and clean. This can be done with initial system hardening when you create the images. Take advantage of technologies that enable you to update the images offline with the latest service and security updates.
7. Employ End-to-end Encryption
Protect sensitive data wherever it might be: in motion, at rest or in use. Use whole-disk encryption, which ensures that all data on the disk, not just user data files, is encrypted. This can also help prevent offline attacks. All communications to host operating systems and virtual machines should also be encrypted.
8. Hold Your Encryption Keys
Maintain an optimal security posture by holding the encryption keys. Make sure to retain ownership of your data by retaining ownership of the encryption keys, and not giving them to your CSP.
9. Develop a Plan and Educate Your Response Team
How you respond to threats and adverse events, and how rapid that response is, is an important component of security. Document responses to events and implement programs to facilitate those responses. Ask your CSP to provide you with documentation of its response plan as well.
10. Make Frequent Checks
Perform data integrity checks, such as Message Integrity Codes (parity, CRC), Message Authentication Codes (MD5/SHA) or Hashed Message Authentication Codes (HMACs) to detect data integrity compromise. If you detect data compromise, restore the data from backup or from a previous object version.
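As an added example (not from the Peak 10 deck), the Python below computes the three kinds of integrity tag the tip names over a versioned object, shows why only the keyed HMAC still disagrees when an object is modified and its unkeyed CRC and SHA-256 tags are recomputed to match, and rolls back to the previous object version when a check fails. The key, object contents and version list are constructed for the demonstration.

```python
import hashlib
import hmac
import zlib

# Constructed demo key: in practice keep it in a KMS/HSM under your own control (tip 8).
INTEGRITY_KEY = b"example-integrity-key-do-not-use"


def integrity_tags(data: bytes, key: bytes) -> dict:
    """The three kinds of check named in the tip, computed over the same bytes."""
    return {
        "crc32": zlib.crc32(data) & 0xFFFFFFFF,                   # catches accidental corruption only
        "sha256": hashlib.sha256(data).hexdigest(),               # unkeyed: anyone can recompute it
        "hmac": hmac.new(key, data, hashlib.sha256).hexdigest(),  # keyed: cannot be recomputed without the key
    }


def verify(data: bytes, expected: dict, key: bytes) -> dict:
    """Per check, does the object still match the tags recorded when it was written?"""
    actual = integrity_tags(data, key)
    return {name: hmac.compare_digest(str(actual[name]), str(expected[name])) for name in expected}


def check_and_restore(versions: list, key: bytes) -> tuple:
    """versions is a list of (data, tags) pairs, oldest first. Verify the latest version;
    if any check fails, drop it and fall back to the previous version, as the tip recommends.
    Returns (per-check results, the data that is now current)."""
    data, tags = versions[-1]
    result = verify(data, tags, key)
    if not all(result.values()):
        versions.pop()
        data = versions[-1][0]
    return result, data


def demo() -> tuple:
    """Constructed scenario: the latest version is silently modified in storage and its
    unkeyed CRC-32 and SHA-256 tags are recomputed to match; only the HMAC detects it."""
    versions = []
    for content in (b"invoice-2024: total=100.00", b"invoice-2024: total=120.00"):
        versions.append((content, integrity_tags(content, INTEGRITY_KEY)))
    modified = b"invoice-2024: total=999.99"
    stale = dict(versions[-1][1])
    stale["crc32"] = zlib.crc32(modified) & 0xFFFFFFFF
    stale["sha256"] = hashlib.sha256(modified).hexdigest()
    versions[-1] = (modified, stale)
    return check_and_restore(versions, INTEGRITY_KEY)
```

The point to take away is that a CRC or plain digest stored next to the object verifies only accidental corruption; a keyed HMAC whose key the CSP does not hold is what lets you detect deliberate modification.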
11. Leverage Security-as-a-Service Solutions
Consider employing managed security solutions as an extra layer of protection. Security, delivered as a service, allows you to take advantage of leading-edge security technologies and specialized security expertise with no upfront capital investment.
12. Isolate CSP Access
Make sure your CSP ensures isolation of access so that software, data and services can be safely partitioned within the cloud and that tenants sharing physical facilities cannot tap into their neighbors' proprietary information and applications.
13. Insist Upon CSP Transparency
Whether you are working with a CSP for the first time or have had a long-term business relationship, require maximum transparency into your CSP's operations. CSPs should be able to provide log files, reports and applications that allow IT administrators to view data traversing their virtual networks and events within the cloud in near real time.
To learn more about cloud security, including managed security services, contact Peak 10 at 866-473-2510 or email solutions@peak10.com.