9 Ways to Ensure Cloud Security

September 22, 2016 — by Radware0

main

Cloud SecuritySecurity

9 Ways to Ensure Cloud Security

September 22, 2016 — by Radware0

Whether you’ve migrated some or all of your infrastructure to the cloud, or are still considering the move, you should be thinking about security. Too often, organizations assume a certain level of protection from a cloud service provider and don’t take steps to ensure applications and data are just as safe as those housed in the data center.

The sheer range of cloud technology has generated an array of new security challenges. From reconciling security policies across hybrid environments to keeping a wary eye on cloud co-tenants, there is no shortage of concerns. An increasingly complex attack landscape only complicates matters and requires security systems that are vigilant and able to adapt. Here are nine tips to consider before, during, and after a cloud migration to stay ahead of the curve when evaluating security solutions for your cloud service.

Plan for Hybrid Environments

The majority of organizations will have applications housed across hybrid environments, requiring CIOs to coordinate security policies across these environments. It might be tempting to rely on your cloud service provider for security, but that could lead to risky inconsistencies. Identify security services that overlay a number of different cloud-based apps and provide the same technology and policy management for on-premise applications.

Cloud networking concept: Silver Cloud With Padlock on digital background, 3d render

Start with Low Risk Assets

As you begin migrating to the cloud, start with data and apps that are less sensitive or mission-critical. CRMs, for example, might not be as sensitive to downtime or data loss. Until you’ve vetted the reliability and security of a cloud service provider, avoid migrating high-risk assets.

Maintain User Confidentiality

If your cloud provider is defending against encrypted attacks, it might inadvertently compromise user confidentiality. After all, detecting encrypted attacks requires some level of decryption of both legitimate and malicious traffic. Check with your cloud provider to see what solutions it uses and whether your sensitive information will stay private.

Know What You Have in the Cloud

Your employees are almost certainly using cloud-based applications without the knowledge of IT teams, leaving a trail of vulnerabilities and data leakage. Unapproved cloud-based apps can lead to malware, posing a risk to the network. This problem has generated a new category in the security space: the cloud access security broker.

Don’t Become Collateral Damage

Understand the architecture and security offered by your cloud provider. Sharing computing resources/space can result in outages throughout the network, degraded performance, or denied access for users in certain geographies. If you share space with the target of an attack, you could become collateral damage. Can your cloud provider separate attack traffic from clean traffic to prevent attacks on cotenants of a cloud platform?

[You might also like: Cloud-Based or Provider-Managed DDoS Mitigation: Which Is Right For Your Organization?]

Understand Compliance Implications

If encrypted sessions are being terminated in the cloud, make sure your provider’s platform or location fit both internal and industry compliance standards. You may be required to upgrade or modify security protocols to ensure the cloud service complies.

Detect Where You Can, Mitigate Where You Should

Monitoring for attacks at your own data center is relatively easy, but cloud adoption means critical assets aren’t as “close” as they use to be. That distance can negatively impact timely detection. Place detection capabilities in front of your cloud-based assets just as you would in your data center. It allows you to assess the attack and determine the appropriate response. For example, turning to cloud scrubbing if it’s a volumetric attack.

Understand the Security Capabilities of Your Cloud Vendors

As with any service category, cloud hosting providers have different strengths and weaknesses. Some differentiate based on price, others on speed, and others on security. Be sure to understand the security capabilities of your provider.

Separate Security Requirements from Hosting Requirements

Be careful to not let business units outside IT take ownership of security. Business units are under a lot of pressure to leverage the cloud to speed time-to-market and reduce costs. Security becomes a secondary consideration. Most of these business teams don’t have the skills or knowledge to assess security requirements.

cloud-adoption

Read “7 Things to Look for in a Cloud Security Service” to learn more about how the expanded portfolio of cloud security services continuously adapts in step with evolving threats and ongoing development of applications.

Download Now

Radware

Leave a Reply

Your email address will not be published. Required fields are marked *