Cloud Security and Mitigation of Risk

Written by  Sep 09, 2019
Just because your data isn't on your premises doesn't mean you're not responsible for its security.

The cloud certainly offers many advantages, but as with any large-scale deployment, it can also bring unforeseen challenges. The notion of the cloud being "someone else's data centre, not mine" is just plain wrong: it assumes you're relinquishing security responsibility because "someone else will take care of it all."


Yes, it's true: cloud systems, networks, and applications are not physically located within your control, but security responsibility and risk mitigation are. Cloud infrastructure providers allow a great deal of control in terms of how you set up that environment, what you put there, how you protect your data, and how you monitor that environment. Managing risk throughout that environment and providing alignment with your existing security framework is what's most important.

Privacy and Risk
With the EU's General Data Protection Regulation (GDPR), organisations have increased requirements when protecting data in the cloud. And the solution isn't as simple as deploying data loss prevention software in a data centre, because the data centre has become fragmented. You now have various services, systems, and infrastructures that aren't owned by you but still require visibility and proper control.


Cloud services and infrastructures that share or exchange information also become difficult to manage: Who owns the service-level agreements? Is there a tool that monitors it all? DevOps has forced companies to go as far as implementing microsegmentation and adjusting processes around firewall rule change management. Furthermore, serverless computing has provided organisations with a way to cut costs and speed productivity by allowing developers to run code without having to worry about infrastructures and platforms. Without a handle on virtual private clouds and workload deployments, however, things can spin out of control and you start to see data leaking from one environment just as you've achieved a level of control of security in another.

Mitigation
Several steps can be taken to help mitigate risk to an organisation's data in the cloud.

1. Align to your needs
First, align your cloud environment with cybersecurity frameworks. Often, organisations move to the cloud so rapidly that the security controls historically applied to their on-premises data centres don't migrate effectively to the cloud. Furthermore, an organisation may relax the security microscope on software-as-a-service (SaaS) applications such as Microsoft Office 365. But even with these legitimate business applications, data may end up being leaked if you don't have the right visibility and control. Aligning cloud provider technology with cybersecurity frameworks and business operating procedures provides for a highly secure, more productive implementation of a cloud platform, giving better results and a successful deployment.

2. Familiarise yourself
Cloud systems and networks should be treated the way you treat your LAN and data centre. Amazon's Shared Responsibility Model, for example, outlines where Amazon's security responsibility ends and your security responsibility begins. While threats at the compute layer exist, recent cloud data breaches have shown a breakdown in the organisation's own area of security responsibility, namely operating system security, data encryption, and access control. If your organisation has standards that govern the configuration of servers, vulnerability management, patching, identity and access management, encryption, segmentation, firewall rules, application development, and monitoring, see to it that those standards are applied to cloud services and are audited as a matter of course.
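
As an added illustration (not part of the original article), the Python sketch below audits on-premises and cloud assets against one shared standard, covering the encryption, access control, and patching areas named above. The inventory records, field names, and 30-day patch threshold are constructed assumptions; a missing attribute is treated as a failure rather than a pass.

```python
from datetime import date

TODAY = date(2019, 9, 9)      # fixed date so the result is reproducible
MAX_PATCH_AGE_DAYS = 30       # assumed patching standard

def patched_recently(res):
    age = TODAY - date.fromisoformat(res["last_patched"])
    return age.days <= MAX_PATCH_AGE_DAYS

# Constructed organisational standard: (control, resource types, check).
BASELINE = [
    ("encryption at rest", {"vm", "storage", "database"}, lambda r: r["encrypted"] is True),
    ("no public access", {"storage", "database"}, lambda r: r["public"] is False),
    ("patching", {"vm"}, patched_recently),
    ("MFA on identities", {"identity"}, lambda r: r["mfa"] is True),
]

# Constructed inventory: the same record shape for on-premises and cloud assets.
INVENTORY = [
    {"id": "fileserver-01", "location": "on-prem", "type": "vm",
     "encrypted": True, "last_patched": "2019-08-28"},
    {"id": "web-vm-7", "location": "cloud", "type": "vm",
     "encrypted": True, "last_patched": "2019-06-01"},
    {"id": "customer-exports", "location": "cloud", "type": "storage",
     "encrypted": False, "public": True},
    {"id": "orders-db", "location": "cloud", "type": "database",
     "encrypted": True},                      # "public" was never recorded
    {"id": "deploy-bot", "location": "cloud", "type": "identity", "mfa": False},
]

def audit(inventory, baseline=BASELINE):
    """Return (location, id, control) for every control a resource fails."""
    findings = []
    for res in inventory:
        for control, types, check in baseline:
            if res["type"] not in types:
                continue
            try:
                ok = check(res)
            except (KeyError, ValueError):
                ok = False   # attribute missing or unparseable: fail closed
            if not ok:
                findings.append((res["location"], res["id"], control))
    return findings

if __name__ == "__main__":
    for finding in audit(INVENTORY):
        print(*finding, sep=" | ")
```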

3. Stop the rogues
Not so long ago, you would see organisations struggle with employees who set up unsecured wireless access points in an attempt to gain flexibility. Nowadays, wireless controllers providing rogue detection and intrusion prevention system capabilities have helped rein in that activity. With the cloud, employees are setting up cloud storage accounts, serverless computing environments, and virtual private networks (VPNs) as needed to circumvent cumbersome change control procedures, cut costs, and gain similar flexibility and efficiency. By rearchitecting legacy networks, readjusting old processes and procedures, implementing cloud proxy or cloud access security broker (CASB) technology, and coupling that with strong endpoint security controls and an effective awareness campaign, an organisation can provide that level of flexibility and efficiency but still provide for data protection.
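
The kind of visibility a cloud proxy gives over rogue services can be sketched as follows. This is an added example, not from the original article: the log format, the service catalogue, and every `.example` domain are constructed, and the sanctioned list stands in for whatever the organisation has approved.

```python
from collections import defaultdict

# Constructed catalogue of cloud services the proxy can recognise.
CLOUD_SERVICES = {
    "corp-storage.example": "storage",
    "freebox.example": "storage",
    "fn-host.example": "serverless",
    "quickvpn.example": "vpn",
}
SANCTIONED = {"corp-storage.example"}   # assumed approved services

# Constructed proxy log: timestamp user method host bytes_out
SAMPLE_LOG = """
2019-09-09T09:00:01Z alice PUT uploads.corp-storage.example 52000
2019-09-09T09:02:10Z bob PUT eu.freebox.example 1200000
2019-09-09T09:02:40Z bob PUT eu.freebox.example 800000
2019-09-09T09:05:00Z carol POST api.fn-host.example 4000
2019-09-09T09:06:00Z dave GET notfreebox.example 300
2019-09-09T09:07:00Z malformed line
""".strip().splitlines()

def match_service(host):
    """Map a hostname to a catalogue domain, matching whole DNS labels only."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in CLOUD_SERVICES:
            return candidate
    return None   # e.g. notfreebox.example must not match freebox.example

def find_unsanctioned(log_lines):
    """Return (user, service, category, bytes_out) sorted by volume, largest first."""
    totals = defaultdict(int)
    for line in log_lines:
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue                      # skip malformed records
        _ts, user, _method, host, bytes_out = parts
        service = match_service(host)
        if service is None or service in SANCTIONED:
            continue
        totals[(user, service, CLOUD_SERVICES[service])] += int(bytes_out)
    rows = [key + (total,) for key, total in totals.items()]
    return sorted(rows, key=lambda row: row[3], reverse=True)

if __name__ == "__main__":
    for row in find_unsanctioned(SAMPLE_LOG):
        print(row)
```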


4. Keep a close eye on things
The cybersecurity operations centre (CSOC) should no longer be concerned with just the local network and data centres. The operational monitoring procedures, threat hunting, intelligence, and incident response that the SOC uses also apply to cloud environments where the organisation's data resides. Monitoring SaaS applications where corporate data may reside is challenging but can be done using effective endpoint security coupled with the monitoring of cloud access solutions (CASB, proxy, and others). For a serverless environment, depending on your CSOC requirements, this may mean the application of third-party monitoring platforms or solutions beyond what cloud providers offer. In all cases, event logging and triggers need to feed back to the CSOC to be correlated with local event data, analytics, and threat intelligence.

With all the cloud services available, it's no wonder companies struggle to manage risk. It takes a lot of coordinated effort and time to successfully set up and maintain a cloud-based system.


Organisations must include security in technology decisions if security is to continue to protect the business, and security must understand the needs of the business and the changes in the technology that you are using. To help prevent people from seeking their own solutions to technology problems, IT and security teams must evolve their assets and functions to accommodate that speed and convenience or find themselves constantly trying to catch up.

Carl Perkins

A security tech expert, Carl specialises in IT Security having worked in the field for over 10 years and has previous Tech admin roles to his credit. He is very experienced and his contribution is invaluable to us.
