Bridging the Cloud Security Gaps: With Freedom Comes Greater Responsibility

By 2019, global spending on public cloud services by businesses is expected to reach $141 billion, according to IDC. Approximately two-thirds of CIOs across the globe view cloud computing as a principal disruptive force in their businesses, says another leading survey. With cloud adoption gaining momentum, it is evident that cloud computing is here to stay, despite the cloud security concerns looming over many enterprises.

Here’s why: apart from the elasticity and agility the cloud offers, there is the freedom to launch an infrastructure with just a few clicks and have it ready in a few minutes. This is what has made developers and engineers the prime drivers of cloud adoption across organizations. Plus, organizations are saving 14 percent of their budgets on average as an outcome of public cloud adoption, according to Gartner’s 2015 cloud adoption survey. The infographic below lists a few influencing factors.

Image Source: AlienVault Cloud Security Report 2016

True. However, this freedom to scale the infrastructure up or down as and when required can very easily wash away that 14 percent saved on budgets if not handled with greater responsibility. Why? Due to cloud security gaps that need to be filled, says Amarkant Singh, Head of Product, Botmetric, in one of his articles.

“With Freedom comes greater Responsibility.” And with a public cloud, which features a shared responsibility model, you need to pay close attention to key security measures from time to time.

Security in the Cloud: A Shared Responsibility

Customers of public cloud services are responsible for their data security and access management of cloud resources. For instance, if you’re using AWS EC2 public cloud infrastructure service, you are responsible for Amazon Machine Images (AMIs), operating systems, applications, data in transit, data at rest, data stores, credentials, policies, and configurations. According to Amarkant, a public cloud user needs to tackle four major components when it comes to cloud security:

  1. Access Controls
  2. Network Security
  3. Data Security
  4. Activity & access trail

And here are the top five best practices, as suggested by Amarkant, that will help close the cloud security gaps within your cloud infrastructure:

  1. Grant least privileges

Use this as a rule of thumb when granting privileges to users and programs. If you’re using AWS, you must make full use of its IAM capabilities to define a very fine-grained permission level for all access points into your cloud infrastructure. Plus, make multi-factor authentication mandatory for your users. And don’t forget to rotate access credentials regularly.

  2. Enable all the detective services

Leverage all the tools and configurations provided by your cloud service provider. This will help track activities within your cloud. For instance, if you use AWS, you must enable AWS CloudTrail logs (even in regions where you don’t have instances), VPC Flow Logs, ELB access logs, and AWS Config.

  3. Encrypt data that is at rest and in transit

Despite knowing the importance of encryption, very few follow through, even though they store sensitive data in the cloud. Ignorance may be bliss, but it can prove costly when it comes to the security of data. Not to worry. Major cloud service providers, like AWS, provide native encryption capabilities for their data storage services like RDS, S3 and EBS. Great! Now, don’t forget to use HTTPS/SSL when transferring data over the Internet or across regions.

  4. Architect networks with desired segmentation

While you architect, do follow the best practices. In the case of AWS, you can create a VPC and further segment your network into public and private subnets. Do not forget to keep your data stores in a private subnet.

  5. Backup the backups

Yes! It is recommended to have one or multiple separate cloud accounts just to keep backups. Plus, only a few users should have access to these accounts. Why? For example, say you’re using AWS EBS and you take regular snapshots for backup. If the account is compromised by a hacker, it is highly likely that both EBS and its snapshots (backup) are deleted.
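For the first practice above (least privilege, mandatory MFA, credential rotation), here is one way to automate the audit. This is an added example, not code from Botmetric or the original post: it checks an IAM policy document for wildcard grants and an IAM credential report for console users without MFA and stale access keys. The function names, the sample data and the 90-day rotation limit are assumptions.

```python
import csv, io, json
from datetime import datetime, timezone

def broad_statements(policy_json):
    """Sids of Allow statements that pair wildcard actions with Resource "*"."""
    stmts = json.loads(policy_json).get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts  # a lone statement may be a bare object
    as_list = lambda v: [v] if isinstance(v, str) else list(v)
    found = []
    for i, s in enumerate(stmts):
        if s.get("Effect") != "Allow":
            continue
        actions = as_list(s.get("Action", []))
        # Allow + NotAction grants everything except the listed actions.
        wide = "NotAction" in s or any(a == "*" or a.endswith(":*") for a in actions)
        if wide and "*" in as_list(s.get("Resource", [])):
            found.append(s.get("Sid", f"statement[{i}]"))
    return found

def credential_findings(report_csv, now, max_key_age_days=90):
    """Flag console users without MFA and active access keys older than the limit."""
    found = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        # The root row reports password_enabled as "not_supported" but can always sign in.
        console = row["password_enabled"] == "true" or user == "<root_account>"
        if console and row["mfa_active"] != "true":
            found.append((user, "no MFA"))
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue  # inactive keys carry "N/A" as their rotation date
            rotated = datetime.fromisoformat(row[f"access_key_{n}_last_rotated"])
            if (now - rotated).days > max_key_age_days:
                found.append((user, f"access key {n} older than {max_key_age_days} days"))
    return found

# Constructed sample inputs (a real credential report has more columns).
SAMPLE_POLICY = """{"Version": "2012-10-17", "Statement": [
  {"Sid": "ReadLogs", "Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-logs/*"},
  {"Sid": "AdminEverything", "Effect": "Allow", "Action": "*", "Resource": "*"},
  {"Sid": "AllEc2", "Effect": "Allow", "Action": "ec2:*", "Resource": ["*"]}]}"""
SAMPLE_REPORT = """user,password_enabled,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,not_supported,false,false,N/A,false,N/A
alice,true,true,true,2016-09-01T10:00:00+00:00,false,N/A
bob,true,false,true,2016-01-10T09:15:00+00:00,false,N/A
ci-deploy,false,false,true,2016-08-20T00:00:00+00:00,true,2015-11-02T00:00:00+00:00
"""
NOW = datetime(2016, 9, 28, tzinfo=timezone.utc)  # constructed audit date

if __name__ == "__main__":
    print(broad_statements(SAMPLE_POLICY))
    for finding in credential_findings(SAMPLE_REPORT, NOW):
        print(finding)
```

In a live account the report text would come from `aws iam get-credential-report` (the content is base64-encoded) and the policy JSON from the policy version being reviewed.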

To Conclude:

The statement “With Freedom comes great Responsibility,” when it comes to public cloud security, is neither hype nor an understatement. Bring in the required discipline within the team to perform regular audits, follow best practices, and preferably automate key tasks, and see how cloud computing will never cease to amaze you. Try Botmetric Security & Compliance to see how it can help.


PS: Hear the Botmetric webinar recording on AWS Security Do’s and Don’ts – Tackling the Threat Landscape by Amarkant to know more.

Editor’s Note: This blog post is an adaptation of a LinkedIn Pulse post by Amarkant Singh, published on Sep 28, 2016.