December 20, 2019
10 Steps to Securing Your Cloud Environment
Understanding the shared responsibility model is essential to protecting cloud data.
As a CDW field solution architect, I work with organizations across numerous industries as they grapple with the complexity of securing cloud computing environments. These environments range from full-scale public cloud deployments to internal private clouds, along with varying degrees of hybrid cloud. But whatever the technology, the security issues remain constant. We work with them to protect their data, applications and infrastructure against a wide range of threats.
The most important thing to remember is that security in any cloud environment follows the shared responsibility model. The vendor is responsible for securing the product that they provide to you, but you remain responsible for configuring and using that product securely. If you’re purchasing Infrastructure as a Service server instances, the cloud provider must provide you a secure hypervisor, but you remain responsible for protecting the operating system. If you’re using a Software as a Service platform, the vendor must develop and maintain a secure application, but you remain responsible for managing access controls and limiting the data stored in that service.
Let’s take a look at 10 key steps that you can take to secure your cloud computing deployments.
1. Strengthen Authentication Controls
Use single sign-on to facilitate account management and improve the user experience. Supplement it with multifactor authentication to prevent the reuse of stolen credentials.
2. Deploy Endpoint Protection
Next-generation endpoint protection is a critical security control if you run full operating systems in the cloud. If you’re running containerized computing, make sure that you’ve deployed appropriate controls there as well.
3. Implement IAM Best Practices
Assign identities to every person, application and object in your environment with an identity and access management tool, and then create policies that restrict access based upon time of day, length of access, geolocation and other criteria.
4. Enforce the Principle of Least Privilege
Limit administrative users to modifying cloud objects within their specific scope of responsibility. Avoid the use of shared administrative accounts to maintain accountability.
5. Monitor Your Cloud Environment Carefully
Deploy technology that reaches directly into public cloud environments such as Microsoft Azure and Amazon Web Services to monitor the security of your infrastructure. This is particularly important for environments that must be compliant with the Payment Card Industry Data Security Standard, HIPAA, ISO 27001 and other security standards.
6. Gain Visibility and Control with a CASB Tool
Cloud access security broker (CASB) tools offer active scanning and enforcement of security policies in a consistent manner across cloud services.
7. Segment Cloud Networks
Servers deployed in the cloud should follow the same segmentation standards as on-premises deployments. Place public-facing servers in a demilitarized zone and segment internet-facing systems from internal systems.
8. Capture and Monitor NetFlow Data
Understanding the flow of data between cloud servers helps you identify abnormal activity. This is a customer responsibility under the shared responsibility model.
9. Conduct Penetration Testing
Periodic testing provides visibility into security gaps and helps you assess the state of your security posture.
10. Correlate Logs with SIEM Technology
Security information and event management (SIEM) technology can identify suspicious patterns of activity across multiple systems that might otherwise go undetected.
Following these steps will provide the foundation of a solid cloud security program, protecting your data, applications and infrastructure against existing and emerging threats.