June 16, 2020

1995 words 10 mins read

What is cloud security?

What is cloud security?

The pace of digital transformation drastically increased in 2020 due to the onset of the pandemic. Remote working, social distancing, and the need for business continuity saw factories, offices, and even restaurants and coffee shops tapping into cloud computing. Taking our lives and our information even further online. With even more data being generated, processed, and stored, particularly by bus

inesses that will be new to the cloud, security is now more important than ever. What’s more, cloud computing security isn’t exactly simple. SEE MORE 100GB of secret NSA data found on unsecured AWS S3 bucket SEE MORE Multi-cloud vs hybrid cloud – what’s the difference? SEE MORE CISO job description: What does a CISO do? From controlling which employees have access to which services, to securing each device they use, keeping a cloud environment protected from every potential entry point is a daunting task – not to mention the work that goes into making sure databases and storage systems are correctly configured. Even the biggest providers of cloud technology have fallen foul of security mishaps. AWS, Google Cloud Platform, Microsoft Azure, and IBM offer a wide range of services and tools for cloud and security, but they also fight daily battles to protect customers from phishing, DDoS attacks, and unauthorised access. This is why it is imperative that you and your organisation have strong security policies and guidelines from top to bottom. Everyone in the office needs to know how to protect their devices, their software services, and what to do in the very likely event of an attack. Because the threats facing your cloud environment are many and varied. What is cloud security? The cloud is a method of computing and storage that’s accessible via the internet. It involves data travelling to and from you and your business to a datacentre to be processed or stored for certain tasks. For instance, when you ask an Amazon Echo device a question, that data is processed in a data centre and sent back to the device for Alexa to respond in real-time.

Cloud Security is the protection of this data and also the applications and services you keep within a cloud environment, whether that be public, private, or hybrid. This could include implementing tools such as firewalls, VPNs, password managers and other controls that regulate access to data. This is because it’s not the cloud itself that needs to be secured, but the various points of entry there are, be it through login credentials for an app or restricting the number and variety of devices that can access the data stored there. Why is cloud security important? Cloud security is important because the information your business stores in the cloud is often highly valuable, particularly if it’s customer data. AI technologies, targeted ads, prediction models with machine learning, they all require data, large swathes of it, and if your cloud isn’t secure your data could be accessed by an unauthorised and potentially malicious third party. What’s more, not having a suitably secured cloud will leave your business in violation of GDPR, which came into force in May 2018. If a company is found to be in violation of this regulation and suffers a breach, it could face a potential fine of up to 20 million euros or 4% of global turnover whichever is higher. The mere fact that your data is sitting on somebody else’s infrastructure is no excuse, either. If you didn’t take reasonable steps to secure the information stored on the cloud yourself, you could still be found in breach of GDPR. Patching leaks In 2017, the US National Security Agency (NSA), part of the country’s defence department, had 100GB of sensitive data exposed through poor security practices. An image of a virtual copy of one of its hard drives was left unprotected on a public Amazon S3 server. Anyone who knew the web address where the data was stored could freely access it, causing considerable embarrassment for an organisation that deals in security.

This isn’t an isolated incident either, as unsecured S3 buckets are frequently at the centre of significant data breaches. In the same year, at least two million Dow Jones customers had their personal details exposed on the web in the same way. Worse, this type of breach is also still happening. Security firm UpGuard revealed IT services firm Attunity had left at least 1TB of data belonging to high profile customers such as Netflix and Ford in several unsecured AWS S3 Buckets. “If the right-hand does not know what the left hand is doing, the entire body will be injured,” said UpGuard cyber resilience analyst Dan O’Sullivan. “The Defense Department must have full oversight into how their data is handled by external partners and be able to react quickly should a disaster strike.” Best Practices None of this is to say you shouldn’t use the cloud at all. In fact, for most businesses some of the larger providers will likely have significantly greater resources for securing data than they could ever reasonably have. However, as the examples above show, just opting for a well-established service cloud doesn’t mean you can just sit back and do nothing. The responsibility to secure cloud environments still rests on the shoulders of the businesses using the platform. To ensure your cloud-hosted data is as safe as possible, there are some best practices you can follow. Firstly, it’s important to establish who can access your resources and from where. Responsibility for this rests squarely with the IT department and it’s a good idea to give a couple of team members dedicated responsibility for this task. Blanket policies for access are also a bad idea. Security parameters should be set by role, so only those who need to can make changes to a data record (such as a database) and who only has viewing permissions – and who has no access rights at all. Secondly, while cloud computing enables access from virtually anywhere, it doesn’t mean that should be the case. Measures should be taken to ensure only certain information can be accessed if the user is connecting via public Wi-Fi, for example, and it’s also a good idea to restrict access for unrecognised or unsanctioned devices. It’s important to decide what is most valuable to your organisation. It’s not wise to protect everything with the same controls as it won’t be an effective use of your resources. Instead, it’s advisable to focus greater security on the data that really matters. Future-proofing is also crucial. The events of 2020 have taken all of us by surprise, but some organisations had the business resilience and agility to ride the wave of disruption more successfully than others. It’s been widely reported that cyber crime has been on the rise over the last few months – and a big reason for this is that criminals know full well that a black swan event like COVID-19 can leave businesses in chaos and their systems vulnerable. What we can learn from this is not just the importance of prioritising securing your organisation to meet your current needs, but looking at contingency planning and agility too. While we may not have another year like 2020 for a long time, disruption is always a possibility, and organisations must be prepared for it. This means ensuring you have robust cloud security plans in place if your current setup changes. Is your system secure enough to manage employees working from home networks or public Wi-Fi? Have you got the means to be flexible with access if roles or working arrangements change? Do you have the tools in place to spot and adapt to new security threats?  Finally, do remember to ensure the data you store in the cloud isn’t accessible via the open internet for anyone and everyone to see – your cloud provider will have information on how to do this if it isn’t a default setting.

Date: 2019-09-20

URL: http://feeds.itpro.co.uk/~r/ITPro/Today/~3/Fdk6oLuIkhU/what-is-cloud-security


Acer ConceptD 500 review gallery (2020-12-02) A stylish and monstrously powerful PC for content creators
What is HTTP error 503 and how do you fix it? (2020-01-07) The derided 503 error message is possibly one of the most frustrating errors to encounter when trying to access a website not just as a developer but as a general user As is the case with most other HTTP errors including the 502 bad gateway error theres no way for you to tell precisely what has gone wrong Unless youre au fait with website development its likely that the error number is as helpful ..
How to become a T-shaped employee (2020-12-05) Over the last few years the idea of a T-shaped employee has gained currency in recruitment It was first popularised by Tim Brown the CEO of the IDEO a California design firm Essentially a person with this trait has deep knowledge and skills in a specific area plus an eagerness and aptitude to work across disciplines which are likened to the vertical and horizontal lines on a letter T respectively ..
Dell and HP Q3 results buoyed by pandemic PC surge (2020-11-25) Demand for remote working products and services has fuelled surges in laptop and PC sales boosting third-quarter profits for HP and Dell Both firms beat analyst expectations for Q3 with optimistic earnings forecasts swiftly following as the coronavirus continues to increase demand for home learning and working SEE MORE What remote working lessons can we learn from the first lockdown? SEE MORE The ..
Log-On Wave for IBM Z simplifies highly virtualized environments (2020-11-16) IBM business partner Log-On Software has announced Log-On Wave for IBM Z to simplify and accelerate the management and daily administration of highly virtualized Linux server environments on IBM Z and IBM LinuxONE IBM Z and IBM LinuxOne are powerful reliable and economical platforms for highly virtualized Linux environments Significant z/VM skills are required to monitor manage and provision Linux.. Log-On Wave for IBM Z simplifies highly virtualized environments
How good is your backup, really? (2020-11-10) Backups are arguably the most vital component of an organisations tech setup But as you dont need them till things go wrong for some organisations it is all too easy to set systems up and forget about them which could be a recipe for disaster What should an organisation be doing to ensure its backups are in fine fettle at the point when theyre needed? With working from home now standard practice a..
It’s too late to let slip the robodogs of war now we have ransomware (2020-11-10) TV and film have a lot to answer for when it comes to misconceptions of artificial intelligence Despite rapid advancements in the field there will never be a bionic man or woman David Hasselhoff will never have an autonomous car to fight crime and robots bearing a remarkable resemblance to Arnold Schwarzenegger will never travel back in time to kill someones mum We have much better ideas these day..
86% of consumers experience cyber crime amid coronavirus pandemic (2020-11-19) Cyber criminals are increasingly targeting consumers as online shopping grows in light of the global coronavirus pandemic According to OpSecs Annual Consumer Barometer survey identity theft credit card fraud or a data breach has hit 86% of consumers over the past few months Thats a 6-percentage-point increase over the number of consumers who fell victim to these cyber incidents in 2019 SEE MORE Is..
Canon i-Sensys LBP664Cx review: A great choice for small businesses (2020-11-18) Canons i-Sensys LBP664Cx is a tempting option for busy offices This desktop A4 laser costs a reasonable 253 yet delivers a speedy 27ppm in both colour and mono A 127cm colour touchscreen makes it easy to use and you can even take some advantage of Canons library of downloadable apps All the key connections are here: alongside a USB 2 port the printer offers Gigabit Ethernet and 80211n wireless ser..
Microsoft Surface Go 2 review gallery (2020-12-02) Microsofts new budget 2-in-1 is a refined and beautifully portable success