The security world once was able to (safely) gather and discuss all things topical and relevant to the industry during the 2022 RSA Conference. There were tons of takeaways, with one survey of attendees finding remote work was the number one concern for 17% and ransomware the number one concern for 19%. But the main concern for the largest group, 37% of the attendees, was cloud security.
And while we’ve touched on security topics from specific things like protecting against $43B scams and how Microsoft Azure works to why more cyber security training is important, nothing quite scratched the itch on the best ways to beef up cloud security.
The conference brought these questions to the surface, but the last 18 months have been rough on businesses of all kinds. If you’ve been able to avoid a breach, count yourself lucky as one Ermetic report found 79% of companies experienced at least one cloud data breach over that time. Another 43% have reported 10 or more breaches in that time.
Today, 92% of organizations are now hosting at least part of their business environment on the cloud. That means if you’re reading this you are probably using the cloud in one way or another. Luckily, no matter how bad the statistics make it feel, we’ve come up with five easy and affordable ways to strengthen the cloud security at your business.
1. Rethink Access Control by Utilizing “Zero Trust”
Modern security threats require modern security solutions. Changing your password from “PASSWORD” to “PASSWORD123!” may technically help keep you a little safer, but with the tools currently available to those aiming to get into your system, it’s not enough. Today’s advice is to always assume a breach: protect your network as though an attacker has already made it past the network perimeter.
By taking a constant zero-trust approach that verifies every identity of every user every time – while also validating device health, enforcing least-privilege access, and capturing and analyzing telemetry – your entire network becomes significantly more secure.
How to Rethink Access Control by Utilizing “Zero Trust”
Institute Multifactor Authentication
This is something we’ve harped on once or twice before. Multifactor Authentication (MFA) provides an additional layer of security by requiring an additional authentication method, drawn from categories like something you know (password), something you have (connected/secure device), and something you are (biometrics).
Enforce Conditional Access Strategies
Your team needs instant access, but they also need to be kept from documents and files that aren’t for their eyes. Implement automated access control decisions for accessing your cloud data based on specific conditions.
Ensure Least Privilege Access
Simplify access in multi-cloud work environments using unified cross-cloud visibility. This gives insight into all permissions and identities and automates regular least-privilege policy enforcement to protect your most sensitive cloud resources.
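To make the three steps above concrete, here is a small policy check that combines them. It is an added example, not code from this post or from any vendor's product; the role names, resources, and the `decide`/`evaluate` functions are hypothetical, and the sample requests are constructed.

```python
from dataclasses import dataclass

# Hypothetical role grants: each role holds only the (resource, action) pairs it needs.
ROLE_GRANTS = {
    "finance-analyst": {("ledger", "read")},
    "finance-admin": {("ledger", "read"), ("ledger", "write")},
    "engineer": {("wiki", "read"), ("wiki", "write")},
}
SENSITIVE = {"ledger"}   # constructed list of resources that need a healthy device
AUDIT_LOG = []           # telemetry: every decision is recorded, allowed or not

@dataclass(frozen=True)
class Request:
    user: str
    role: str
    resource: str
    action: str
    mfa_passed: bool
    device_compliant: bool
    on_office_network: bool  # logged only; network location never grants trust

def decide(req):
    """Return (decision, reason); decision is 'allow', 'step_up' or 'deny'."""
    if (req.resource, req.action) not in ROLE_GRANTS.get(req.role, set()):
        return "deny", "role does not grant this action"
    if not req.mfa_passed:
        return "step_up", "second factor required before access"
    if not req.device_compliant:
        if req.resource in SENSITIVE or req.action != "read":
            return "deny", "unhealthy device limited to non-sensitive reads"
    return "allow", "identity, device and permission verified"

def evaluate(req):
    """Decide on one request and append the outcome to the audit log."""
    decision, reason = decide(req)
    AUDIT_LOG.append({"user": req.user, "resource": req.resource,
                      "action": req.action, "office": req.on_office_network,
                      "decision": decision, "reason": reason})
    return decision

# Constructed sample requests.
SAMPLES = [
    Request("ana", "finance-analyst", "ledger", "read", True, True, False),
    Request("ana", "finance-analyst", "ledger", "write", True, True, True),
    Request("raj", "finance-admin", "ledger", "write", False, True, True),
    Request("lee", "engineer", "wiki", "read", True, False, False),
    Request("lee", "engineer", "wiki", "write", True, False, True),
]

if __name__ == "__main__":
    for r in SAMPLES:
        print(r.user, r.resource, r.action, "->", evaluate(r))
```

Being on the office network changes none of the outcomes: the second and fifth requests are denied from inside the office, while the first is allowed from outside it.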
2. Review & Reinforce Your Security Strategy
Poll your team right now. Ask them about some super basic security topics and how they should act if these situations arise.
Did you get some stutters and question marks? Yeah, that’s normal. And not so great. There are so many constantly evolving threats that regularly reviewing and reinforcing your security strategy should be a part of a monthly or quarterly IT topic review. Make sure that, no matter the threats, you have the tools you need to assess your current situation, identify the risks, and mitigate each of them.
How to Review & Reinforce Your Security Strategy
No, this isn’t an infomercial. Secure score located within Microsoft Defender for Cloud offers hundreds of out-of-the-box recommendations specifically linked to industry best practices and regulatory standards to help you plug every hole. If you don't use Microsoft, CISA has you covered with their free cyber essentials.
Not only should your team be forever learners about their chosen professions, that’s just good business after all, but they should be constantly updated on critical and specific security information like proper external sharing practices.
DevOps teams may not always slot into your day-to-day workings, but it’s still critical to include them in your security strategy construction. Help them understand your needs to better deploy application security systems from the beginning.
3. Utilize Secure Apps & Data Managers
This may be Obvious Statement #1,509,283 but your team should only be using secure applications and data managers. The default should be to protect data, apps, and infrastructure through layered strategies that cover identity, data, hosts, and networks. Did we mention they should always be updated and patched as soon as possible?
How to Utilize Secure Apps & Data Managers
Encrypting your data both at rest and in transit is a must. Most cloud providers offer this by default. Many are also considering encrypting data while it is in use with new confidential computing technologies.
Following Best Practices
Look, you’re already here (right in the middle of all of these other best practices) so you’ve clearly understood this bullet point already. Keep it going!
Sharing the Responsibility
Sometimes keeping everything in-house is important. When it comes to data security and storage, however, sometimes you have to decide between on-premises and full cloud computing power.
4. Actively Thwart Threats in Real-Time
We all know the “stop, drop, and roll” of IT security – protect, detect, and respond. Your daily operational security plan should be influenced by these tenets in addition to security intelligence that identifies rapidly evolving threats so you can respond instantly.
How to Actively Thwart Threats in Real-Time
Leave No Resource Untouched
Whether you’re looking for misdeeds in virtual machines, containers, databases, storage systems, or somewhere else, Microsoft Defender for Cloud has robust threat detection built in, which supports Azure and AWS resources.
Understand Your Immediate Threats
Lean on cloud providers that integrate threat intelligence to provide context about the current threat map. The fuller the data, the better the decisions that can be made.
Upgrade Your SIEM Security
Consider a cloud-native security information and event management (SIEM) tool that can scale with your needs, uses AI to reduce noise, and requires no additional infrastructure.
5. Protect Your Entire Network
Depending on your exact experiences, just about any kind of perspective on IT security is possible. Maybe you’ve avoided threats, maybe you’re fending them off with a stick. But no matter your team’s recent actions, your security solutions must always be ready to meet the challenges of an evolving threat landscape to make it more difficult for attackers to exploit any element of your network.
How to Protect Your Entire Network
Keep a Strong Firewall
Firewalls are important. Yes, even that 2006 Harrison Ford and Paul Bettany film called Firewall. You need to protect your perimeter, detect hostile activity, and build your response through your firewall, so adding a web application firewall (WAF) can protect your web applications from common exploits (like SQL injection and cross-site scripting).
Enable DDoS Protection
Distributed denial of service (DDoS) attacks are among the most common and malicious attacks, so it’s critical to protect against them to maintain availability and performance while containing operating costs.
Create Micro Networks
A “flat” network makes it much easier for attackers to move within your system. Research and consider integrating processes like virtual networking, subnet provisioning, and IP addressing. Use micro-segmentation of your networks to embrace the concept of micro-perimeters and support zero-trust networking.
We say it all the time, but truly every business is different. Every strategy should be well-considered and tailored to your exact needs – but that doesn’t mean these best practices can’t apply to that strategy. In fact, they all do. You do business connected to the internet so your business is at risk of compromise. Through these five steps, your organization can easily strengthen its cloud security across the board.