Best security practices for migrating to the cloud: A guide
As more businesses embark on their digital transformation journey and shift towards a mobile cloud computing model, they must rethink their entire security architecture. Migrating to the cloud effectively marks the end of the traditional network perimeter, which means that the standard security protocols designed to protect the perimeter are no longer fit for purpose.
A recent report from Outpost24 found that while 42 percent of organisations are concerned about cloud security, 27 percent do not know how quickly they could tell if their cloud data had been compromised. This shows that many organisations are failing to follow cloud security best practices, leaving them vulnerable to security threats. This article outlines some of the best security practice organisations should follow when migrating to the cloud.
The cloud challenge
The rising popularity of the cloud cannot be understated. IDG’s 2018 Cloud Computing Study estimated that 77 percent of organisations use cloud services. It’s also been estimated that the average enterprise uses up to almost 1,000 applications. However, the added freedom granted by cloud services also comes with risks. As organisations move to a mobile cloud computing model, their employees have access to critical business data anytime from anywhere, eroding the traditional network perimeter. This has opened up new access points for hackers to exploit and created a massive attack surface that traditional security systems, such as firewalls and gateways, cannot protect against.
Forget the perimeter, forget trust
With the modern mobile cloud computing model dissolving the traditional network perimeter, organisations need to adapt. Businesses should look to implement a zero-trust security framework, which has been designed in direct response to the diminishing perimeter. Zero-trust considers an organisation’s network to be already compromised and as a result applies a ‘never trust, always verify’ logic to network access.
With data flowing freely between various devices and servers in the cloud, there are more potential access points to be exploited. The zero trust model takes this into account and requires the device to be verified, the user’s context to be established, the apps to be authorized, the network to be verified and the presence of threats to be detected and mitigated. Only after all these checks have been completed will the user be granted access to the data they are trying to view.
The password is the weakest link in enterprise security – a recent survey conducted by MobileIron and IDG found that 90 percent of the security professionals questioned had seen unauthorised access attempts as a result of stolen credential – and unfortunately, the advent of cloud computing has further exploited the vulnerability of the password. With cloud services and applications presenting organisations with multiple opportunities to streamline the way they handle their data, the risk presented by stolen user credentials has only grown.
The same IDG survey also found that almost half of enterprise users recycle their password for more than one enterprise application. And with the average enterprise using up to 1,000 different cloud applications, it is highly likely that enterprise users recycle their passwords for different cloud services. Thus, just one stolen password in the modern cloud environment could provide hackers with countless amounts of enterprise data. In order to overcome the pain of passwords, organisations should look to more reliable methods of securing access to their data in the cloud, such as multi-factor authentication, or biometrics.
Good security hygiene is always of paramount importance, but even more so when an organisation migrates to the cloud. The advancement of cloud computing has changed the way the modern enterprise works, with mobile devices increasingly being used to access critical business data. In order to best achieve secure access to cloud data, organisations need to understand the environment in which their employees want to work, including what devices they choose to use.
Organisations can then implement appropriate security protocols. With modern work increasingly taking place on applications on mobile devices, rather than on browsers or desktops, organisations will need to develop a new perimeter defined for the device in order to stop data seeping between cloud apps.
This is where enrolling devices in a unified endpoint management (UEM) solution becomes essential. Enrolling devices ensures that devices are encrypted and allows IT to enforce appropriate authentication and security policies. It also gives IT the opportunity to delete dangerous apps over-the-air and stop business data from seeping between different cloud-based apps. Enrolling devices in such a way not only serves to maximise the gains in productivity that cloud computing has to offer but also helps to ensure data stored in the cloud is secure.
Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.
- » Keep your foot on the gas: Maintaining momentum after your cloud migration
- » Five key takeaways from RSA Conference 2020: Cloud SIEM, Zero Trust, API-based security, and more
- » Realising the impact of unsecured container deployments: A guide
- » How to accelerate your hyperconverged healthcare cloud: A guide
- » What is cyber insurance truly worth? Analysing the risks and responses