Published on the 08/10/2019 | Written by Dirk Prinsloo
There’s a big misconception around security that threatens to trip up many companies moving to the cloud…
While cloud providers like the ‘big three’ (Amazon, Microsoft and Google) will pour vast resources into taking care of physical and virtual security for their data centres and servers and encrypting data warehouse connections, the individual customer is responsible for protecting the virtual machines running on those servers and the applications they host.
It doesn’t really matter what kind of security defences your cloud provider has in place: if you don’t protect your own users, applications and network infrastructure, you are setting yourself up for a meltdown in the cloud.
We have helped many clients move successfully to the cloud and helped keep them secure as they embrace this new way of working.
Here are five things we think you should consider before embarking on your cloud migration:
Know what you are responsible for
Not all cloud services are equal. The level of responsibility carried by the cloud provider, as outlined in the contract you sign with them, varies significantly. Software-as-a-service (SaaS) providers will make sure their applications are protected and that the data is being transmitted and stored securely. But that is typically not the case when it comes to cloud infrastructure providers who, as outlined above, are focused on protecting their data centres and servers. Check with the provider to understand who oversees each cloud security control.
Control who has access
Research from analyst group RedLock’s Cloud Security Intelligence team recently found that 31 per cent of databases in the public cloud are open to the internet.
As a result, you need to constantly review the access permissions for your resources in the cloud. Microsoft offers various identity and access control tools to let you know who has access to what data and when. Always grant the minimum level of privilege required.
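One way to make that review repeatable is to check exported firewall rules for database ports reachable from the internet. The script below is an added example, not part of the original article or any vendor tooling; it assumes Azure network security group rules in the flat JSON shape printed by `az network nsg rule list -o json`, and the rule names, addresses and port watch list are constructed for illustration.

```python
import json

# Assumed watch list of default database ports; extend for your estate.
DB_PORTS = {1433: "SQL Server", 3306: "MySQL", 5432: "PostgreSQL", 27017: "MongoDB"}
INTERNET = {"*", "0.0.0.0/0", "internet"}  # source prefixes that include the internet

# Constructed sample in the flat shape of `az network nsg rule list -o json`.
SAMPLE_RULES = json.loads("""[
 {"name": "deny-mysql-internet", "priority": 100, "direction": "Inbound", "access": "Deny",
  "protocol": "Tcp", "sourceAddressPrefix": "Internet", "destinationPortRange": "3306"},
 {"name": "allow-mongo-office", "priority": 150, "direction": "Inbound", "access": "Allow",
  "protocol": "Tcp", "sourceAddressPrefix": "203.0.113.0/24", "destinationPortRange": "27017"},
 {"name": "allow-sql-any", "priority": 200, "direction": "Inbound", "access": "Allow",
  "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "1433"},
 {"name": "allow-wide", "priority": 300, "direction": "Inbound", "access": "Allow",
  "protocol": "*", "sourceAddressPrefix": "0.0.0.0/0", "destinationPortRanges": ["80", "3000-6000"]}
]""")

def _values(rule, single, plural):
    """Merge the singular and plural forms of a rule field into one list."""
    return list(rule.get(plural) or []) + ([rule[single]] if rule.get(single) else [])

def from_internet(rule):
    return any(s.lower() in INTERNET for s in _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes"))

def covers(rule, port):
    for spec in _values(rule, "destinationPortRange", "destinationPortRanges"):
        lo, _, hi = spec.partition("-")
        if spec == "*" or int(lo) <= port <= int(hi or lo):
            return True
    return False

def exposed_db_ports(rules):
    """Return (port, engine, rule name) where the deciding internet-facing rule is Allow."""
    inbound = sorted((r for r in rules if r["direction"].lower() == "inbound"
                      and r["protocol"].lower() in ("tcp", "*") and from_internet(r)),
                     key=lambda r: r["priority"])  # lowest priority number is evaluated first
    findings = []
    for port, engine in sorted(DB_PORTS.items()):
        decisive = next((r for r in inbound if covers(r, port)), None)
        # No matching rule means the platform's default inbound deny applies.
        if decisive and decisive["access"].lower() == "allow":
            findings.append((port, engine, decisive["name"]))
    return findings

if __name__ == "__main__":
    for port, engine, rule in exposed_db_ports(SAMPLE_RULES):
        print(f"{engine} port {port} reachable from the internet via rule '{rule}'")
```

In the sample, the MySQL port is not reported because the higher-priority deny rule decides before the wide allow range is reached, and the MongoDB rule is not reported because its source is a specific address range.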
Our cloud readiness assessment (part of our Cloud Foundation Framework) provides the necessary information to determine your environment’s readiness for the cloud and decide on the best approach to deliver these capabilities aligned with your cloud strategy.
Protect the data
Understand the risks you face with having your data in the cloud. A key aspect of this is completing a detailed risk and security assessment, which will help define your data protection requirements.
Storing sensitive data in the cloud without putting in place appropriate controls to prevent access to servers is irresponsible and dangerous.
Microsoft offers environment tools and management servers to help protect data in the cloud. But ensuring that these are implemented is your responsibility.
We have an easy-to-use Risk and Security Assessment that translates your risk in moving to the cloud and outlines the roadmap for ensuring your data security objectives are achieved.
Security hygiene still matters
Just because your applications, data and systems are in the cloud does not mean you don’t have to follow basic security hygiene!
Defence-in-depth, a cybersecurity approach that creates layers of protection, is particularly important when securing cloud environments. It ensures that even if one control fails, there are other security features keeping the applications, network, and data safe.
Multi-factor authentication (MFA) is one of the security technologies that provides an extra layer of protection on top of the username and password, making it harder for attackers to break in. MFA should be enabled to restrict access to the management consoles, dashboards, and privileged accounts.
Microsoft offers MFA solutions out of the box, and by using our Cloud Foundation Framework, we can help design and deploy the right level of security hygiene for your organisation.
The major cloud providers all offer some level of logging tools, so make sure to turn on security logging and monitoring to see unauthorised access attempts and other issues. Microsoft offers Windows Defender and Windows ATP solutions to help give you visibility of your environment and to allow proactive responses to immediate threats.
There’s no doubt that, overall, moving to the cloud makes for a more secure environment – if the right security provisions, solutions and decisions have been made.
We provide the necessary capabilities that span technology, people and process, to help you achieve your cloud migration objective. Our approach is defined in a detailed and well-executed Cloud Foundation Framework. The first step in our process is to define the following:
- What your current state is
- What your future state might be
- How to transition to that future state
We help deliver the following core capabilities that address the cloud migration concerns mentioned above, namely:
- Identity and access management
- Security and protection
- Information management
- Cloud infrastructure
Dirk Prinsloo is Practice Lead – Modern Workplace at Intergen, with over 12 years of experience across various markets and industries. His focus and experience range from teamwork and collaboration to modern device management, underpinned by cloud security principles and technologies. As a consultant he provides objective advice, expertise and specialist skills with the aim of creating value, maximising growth or improving the business performance of customers.