3 Steps For Secure Cloud Deployment

Attacks on cloud-based services rose from 19 percent two years ago to 33 percent in 2015, according to Arbor Worldwide Infrastructure Security Report XI, 2016. As the number of enterprises moving data via cloud architecture rises, so do attacks on cloud-based services.

With 6 out of 10 network buyers planning to increase cloud-related spending this year, enterprises need to have a plan for security, both on-premise and in the cloud.

Enterprises should consider these three areas of security concern before undertaking a large-scale cloud deployment.

1. Cloud Access

Employees no longer sit at a desk in one location. They work remotely; they access the network from conferences and coffee shops. In fact, 95 percent of employees work from mobile locations — meaning any place other than their office — at least once a month, according to Forrester’s Business Technographics Telecom & Mobility Workforce Survey.

These users rely on a public internet connection, opening up a variety of vulnerability points.

Here are three ways to monitor and protect access when a public internet connection is key:

• A managed cloud firewall with Network Address Translation (NAT) can be an easy way to protect internet connections. Outsourcing the management frees up internal resources for other projects and allows users to respond quickly to the demands of the business.
• Secure Remote Access or other IPSec solutions are options for securing public internet ports used by mobile employees and provide access to the entire network. These solutions also provide a low cost, reliable avenue for remote global site expansion projects and cloud connections.
• Secure Socket Layer (SSL) VPN can remove the need for client software compatibility and only provides access to pre-specified applications and services. If you’re serving a significant number of mobile users, check with your cloud provider to ensure client or SSL connections are feasible.

If users aren’t dependent on the public internet to access resources, migrate to a virtual private network (VPN) connection for cloud access. Reducing publically addressable end-points helps minimize the complexity of managing security and takes advantage of the inherent security aspects of private connections. Microsoft Azure, Amazon Web Services and Google Cloud all offer this option with various network partners.

2. Data Storage and Use

Data loss protection (DLP) and data encryption continue to be hotly debated security topics.

DLP provides a view of where data is stored across cloud, mobile and on-premise environments and helps enterprises with the use of that data. Some cloud service providers are starting to offer DLP content detection, monitoring and protection on their servers. In the future, DLP will become a feature in network-based security cloud gateways.

Another key to securing data is to take a full view of what data, and its value, is stored by your company.

Due to the complexity and cost of encryption, you need to prioritize what should be encrypted and the best method for your business.

An “encrypt everything” model in the cloud can interrupt application function, reporting and search functionality. For the user, encryption can seem too invasive to their daily work stream, which often results in creative circumvention of security systems.

Various data encryption models to consider include:

• Full Disk Encryption
• Container or Volume Encryption
• File or Folder Encryption
• Application Encryption

Traditional on-premise devices introduce a single point of failure and often lack the scalability that cloud applications require. Utilizing network-based security gateways and encryption offered by cloud providers are one way to scale this process.

3. End Users

Uneducated employees are a company’s biggest cyber risk. However, an educated user can be an asset for security, identifying and reporting anomalous situations like phishing attacks. Security initiatives should include employee training and security certification.

The challenge is assessing and prioritizing vulnerability points to use resources wisely for the biggest impact. The first step should be an independent vulnerability assessment and penetration test project.

This third-party tool will help assess areas of weakness — maybe phishing attempts to employees — and prioritize risk vulnerabilities.

By educating end users and identifying the biggest security risks, you can start to take action to remediate the issues and create a uniform security posture.

Connecting to applications in the cloud has become a networking way of life, and so too has the challenge of securing these deployments. It’s tough to stay ahead with the constant introduction of security technologies and both budget and staffing constraints.

While these three areas are key for 2016, we may see a noticeable shift in deployment or needs in 2017.

As we look toward our future in the cloud, we must also look toward avenues for securing our future.