Businesses can still be a bit nervous about keeping data secure in the cloud. In a recent Zinopy survey in which we asked “What factors would prevent you from using a cloud service?”, security came first.
But it is possible to secure your cloud data – just as much as it is possible to secure your on-premises data.
Each cloud provider, such as AWS and Azure, has a number of security controls you can choose from. But what do you do if you have other clouds or a multi-cloud or hybrid cloud strategy?
Here are 4 areas to be addressed to keep your data secure in the cloud.
- Identity Protection – Multi-Factor Authentication
MFA or 2FA (2 Factor Authentication) is the first port of call. Implementing this is a no-brainer. That second or third factor might be all you need to ensure the hacker looks elsewhere. Companies such as Duo and SwivelSecure offer 2FA and MFA.
- Endpoint management – Mobile Device Management
Services such as Microsoft Intune and Citrix Endpoint Management (formerly XenMobile) enable organisations to manage employee mobile devices and mobile apps so that employees can work securely when accessing SaaS applications (especially O365) on both enterprise-owned and personal mobile devices or apps. Strict security for identity, apps, devices, data and networks is enforced so that your business information stays protected.
- Data Governance
You must have control over how your corporate data is exchanged and stored. There are a number of solutions to help you with data governance, such as MDM (see Endpoint management above), Next Generation Firewalls (NGFW), web filtering and data loss prevention (DLP).
- NGFWs add application-level inspection and intrusion prevention to the existing firewall function. NGFWs can use signatures to differentiate between safe and unsafe apps. NGFWs can block malware and are better equipped to address Advanced Persistent Threats (APTs). Nowadays all major vendors support cloud-based firewall appliances to provide a transparent experience between on-premises and cloud workloads.
- Web Filtering enables you to manage employees’ web access on and off your network by enforcing your organisation’s internet Acceptable Usage Policy. It blocks access to any unsafe internet content or unsanctioned cloud SaaS solution.
- DLP solutions help to classify and protect corporate data according to company policies. This ensures that end users do not send sensitive or critical information outside the corporate environment. Business rules are used to protect information so that unauthorised people cannot accidentally (or maliciously, for that matter) share data they shouldn’t. For example, an employee would not be allowed to upload a corporate file to a cloud platform outside the network, such as Dropbox.
- Cloud assets security monitoring
To be as effective as possible, organisations need ongoing 24×7 security monitoring and incident management. Trilogy’s SIEM combines IBM QRadar with our Security Operations Centre to defend organisations from cyber-attacks.
Cloud providers (like Azure and AWS) and SaaS solutions (like O365) can work in conjunction with SIEM to enable organisations to discover, monitor and secure cloud accounts and data. This reduces the risk of introducing security issues and improves overall security.
Addressing these four key areas will help secure your data, mitigate cyber threats and support compliance.