In the modern business landscape, an increasing number of organizations are utilizing the public cloud system and placing both data and infrastructure into it. This is a result of the cloud being a platform that enables many organizations in various industries to be more flexible and efficient in integrating newer technologies. In addition to this, the public cloud brings a host of functionality and features to cater to the evolving needs of businesses, making it an ever-growing and preferred service.
However, there are relevant concerns that are associated with public cloud usage, namely, in the aspects of accessibility and security. Unlike tightly monitored and controlled on-site datacentres with specific server infrastructure and identity and access management protocols, the public cloud has its independent security processes dictated by the vendor.
These pertinent concerns are further exacerbated by news of severe data breaches and leaks happening throughout the world, causing organizations to doubt the integrity and dependability of public cloud services. For organizations that heavily depend on the cloud, it then becomes a crucial initiative to enact practices that can prevent and avoid data breaches.
We’ll take a look at some of these effective practices.
Encryption for Both In-Flight and At-Rest Data
Encryption is the process of taking visible data and encoding it to make it unreadable unless a specific verified password or ‘key’ is used to decrypt it. As data is either in constant movement while being transmitted between an on-site source and the cloud, or at rest while in cloud storage, it’s beneficial for organizations to encrypt them for both statuses.
Encryption practices are often implemented for at-rest data and is the most common form of data encryption. This form of encryption is also implemented at two levels: either at file-level encryption or entire disk-level encryption.
For data that is in-flight, there are various potential vulnerable points throughout its data path from an on-site datacentre source to the public cloud where the data can be intercepted and exploited by cybercriminals. Implementing in-flight encryption means that a packet of data is encrypted at the initial source point and then only decrypted by the intended recipient at the destination point who has the decryption key.
Micro-segmentation of User Access, JEA, and Network Resources
Micro-segmentation is a method of creating secure zones in cloud deployments and data centres, allowing the isolation and protection of individual workloads. The principles present in micro-segmentation practices are applicable to both on-site to cloud communications and vice versa, and it’s effective at making more granular network security.
In essence, micro-segmentation is scoping down and granting the network access to only end-users or devices that have high access priority to it. This mitigates the risks as compared to a network communication that is open to both public cloud and on-site resources or nodes, hence an overall reduced security posture.
The main benefit of this method is to enable the tailoring of security settings for various types of traffic, implementing policies that limit the application and network flow between different workloads to only the exclusive users with access permissions. The goal of micro-segmentation also extends to limiting the network attack surface. For example, if a particular workload is compromised by a cyber attack, the risk of the attack spreading to other workloads or application is mitigated as it has been isolated through micro-segmentation.
In addition to micro-segmentation, JEA is a security practice ensuring that only end-users are granted access to essential resources both in the public cloud and on-site. In modern hybrid infrastructures, giving users more access than necessary can cause a heightened level of security risk. As cybercriminals often search for access through credential theft or user impersonation, JEA prevents their reach even if they should succeed in infiltrating a network.
Back Up Resources in the Public Cloud
Organizations often practice on-site backups of critical and essential resources as a means of preventing complete corruption or loss of data in the event of a cyber attack. However, this practice is seldom extended to the public cloud. Hybrid cloud infrastructures that are prevalent today are integral in many functions of an organization. Features such as email and cloud shared storage are essential tools that will not change any time soon. Therefore, employing cloud backup strategies can be immensely beneficial in ensuring that the data stored in the cloud are not completely lost.
Some common and effective cloud backup processes are:
- Direct Backup to Public Cloud – This backup method involves an organization writing the data to the cloud infrastructure service that they use, allowing direct backup practices.
- Cloud-to-Cloud Based Backup – This backup method is often implemented for software data that is present in the cloud as a service. The data is copied to another cloud storage service as a means of preventing loss.
- Service Provider Backup – This backup method enables an organization to write data to a cloud service provider who possesses a data centre in their backup services.
What measures have you taken to prevent cloud security breaches?
To consult a security expert, contact us at firstname.lastname@example.org or 6536 0668.