5 Best Practices for Cloud Security

by Sarah Harvey / April 24th, 2018

How has the cloud impacted your organization’s security? Has it left you wondering – what consequences could we face if a malicious outsider gained access to our cloud environment? Would our clients stay loyal to us if our database was compromised? What can we do to implement cloud security?

Our five best practices for cloud security, especially in Azure and AWS environments, include:

Identity and Access Management (IAM)
Multi-factor authentication (MFA)
Hardening techniques,
Monitoring programs, and
Industry-accepted cloud security tools.

These best practices for cloud security work together and sometimes overlap to give your cloud environment the protection that it needs.

Learn more about the 12 most common cloud security problems most businesses face.

Implement IAM Best Practices

Implementing Identity and Access Management (IAM) best practices is a vital aspect of cloud security. IAM is a process for managing electronic or digital identities. Without IAM, you can’t track who has which type of access and what actions someone has taken with their access. IAM best practices include policies that outline strong password requirements, key rotation every 90 days or less, role-based access controls, and multi-factor authentication.

Azure and AWS both provide their recommendations for IAM.

Utilize Multi-Factor Authentication

As part of IAM, implementing access controls based on business need to know is a crucial aspect of cloud security. Access controls are key to preventing data breaches, account hijacking, breaches caused from shared resources, and creating a secure identity and access management (IAM) system, among other benefits. The more people who have access to sensitive areas, the more risk there is.

Implementing access controls like multi-factor authentication (MFA) adds an additional security measure for protecting user names and passwords. When MFA is enabled, a user will be asked for their user name, password, and a secondary verification method. This is something you know, something you have, or something you are. How many times have you entered your PIN after swiping your payment card this week? Your PIN is something you know. Has a website ever texted you a one-time password in order to log on? That one-time password is something you have. Do you use the face ID or fingerprint function to unlock your smartphone? Your face or fingerprint is something you are. This type of verification method, when used in addition to unique IDs, help protect user IDs from being compromised, since the one attempting the compromise needs to know both the unique ID and the password.

Azure and AWS make multi-factor authentication (MFA) an easy to use, scalable, protected, and reliable control.

Identify Responsibility

To close some of the gaps in cloud security, you must understand what the cloud service provider is responsible for and what the cloud service customer is responsible for. If responsibility for cloud security is not defined, cloud security could be compromised. In general, the shared responsibility model outlines that providers are responsible for security of the cloud, and customers are responsible for security in the cloud. Cloud service providers and customers must work together to meet cloud security objectives.

Azure and AWS both define the shared responsibility model to give some perspective on how important it is to identify responsibility.

Continuous Monitoring Program

A monitoring program should be a continuous, mostly automated process. Making your monitoring program a priority will help solve small problems or risks before they become a much larger issue.

Your monitoring program should answer: What are your goals for monitoring? Which resources you will monitor? Which monitoring tools will you use? How often will you monitor these resources? Who will perform the monitoring tasks? Who will be notified of an incident?

Utilize Cloud Security Tools

Cloud service providers have developed many cloud security tools to help their customers achieve secure environments. Cloud security is just as important to providers as it is to customers. These tools can help you achieve best practices for cloud security, automate security assessments, give alerts for security incidents, and assess data security requirements to verify the security and compliance of cloud solutions. Amazon CloudWatch, Amazon Inspector, and Azure Security Center are a few examples of industry-accepted tools. You could also utilize another trusted advisor or tool, like third-party auditing firm or internal audit.

Has your organization implemented these five best practices for cloud security? Contact us today to start learning about protecting your cloud environments.