5 ways of securing the public cloud

By: Manoj Rai, Head - Enterprise Application and Mobile Security at Happiest Minds

As cloud computing becomes more sophisticated and mainstream, the shift to the public cloud is gaining tremendous traction. With big-brand clouds (think - Amazon Web Services, Google Cloud Platform and Microsoft Azure) fast evolving, more and more enterprises are moving away from private clouds.

However security is justifiably a top concern when moving applications and data into the public cloud. Some of the questions foremost on everyone’s mind are - How secure is my data? What will happen is there is a breach with the public cloud vendor? How do I ensure that my data is properly protected in this case?

What we need to understand is that security is ultimately a shared responsibility between the company and the public cloud vendor.  According to Forrester, cloud success comes from mastering the “uneven handshake”. While cloud vendors are typically responsible for securing the data center, infrastructure and hypervisor, the onus is on you, as a consumer to close this gap with the necessary OS, users, applications, data and of course, security – in tandem with the vendor.

Journeying to the Public Cloud

The key is to find a cloud provider that fits best for your business. This means you need to thoroughly vet potential vendors and conduct a full risk assessment prior to signing any contract. Considering the fact that different cloud service providers provide varying levels of security, it is best to look at their security and compliance activities and choose one with transparent processes. Once this decision has been made, the next step is to take into account the various security risks and chart possible solutions to create a secure cloud environment. Below are some important stepson how to best protect yourself and
your data in the public cloud.

1. Intelligent encryption

Encryption is a viral security component of any organization and it is all the more important when transferring and storing sensitive data in the cloud. It ensures data confidentiality thus mitigating the risk of data loss or theft in the case of a breach in the cloud. This focus on the data itself rather than placing full emphasis on the infrastructure for protection goes a long way in ensuring that data stays safe even if the network or perimeter security is compromised.

2. Strict identity management and access control

An effective identity management strategy for the cloud can be summed under the three ‘As’ – access, authentication and authorization.  Consumers must ensure that only trusted and authorized users can access the public cloud data through a strong identity management system. Additional layers of authentication measures further help in ensuring a controlled cloud environment. An important note here is to find a good balance between security and developer performance.

3. Smart security at all end-points

In most cases, physical security is usually covered by the cloud provider through regular audits and certifications from accreditation bodies. In certain industries like healthcare, finance and defense, it is a regulatory mandate that there be security at all points along the data path – be it entering or exiting the corporate network or moving along to the cloud and in the cloud itself.

However as a general trend in today’s cloud and BYOD era, it is of utmost importance that the consumer ensures some hardware necessities and best practices for end-point security in addition to the cloud security measures. Mobile devices in particular pose a unique challenge as despite best intentions, users generally do not prioritize securing them. Unfortunately, this results in exposing potential access points to sensitive corporate data. Strong end-point measures typically should encompass mobile/on-device protection, next generation firewalls, network intrusion systems, VPN and up-to-date security architectures.

4. Real-time monitoring & incident response

As part of the shift to a “prevent and control attack” mindset, real-time monitoring through
analytics and forensics enables consumers to identify attacks early in the breach lifecycle. Instant alerts and automatic data collection through analytics enables rapid forensics and insights into behavior from endpoint to the cloud. Armed with these insights, security team can identify potential risks and patterns in real-time, while also determining the path for on immediate remediation.

Organizations should also focus on enterprise level visibility for hosted applications in the cloud in conjunction with the cloud provider, thus providing a multi-pronged approach for quick detection and incident response for security issues.

5. Strong governance framework

A governance framework is an essential tool that will enable your IT security team to assess and manage all risks, security and compliance related to the organization’s cloud environment. This crux of this framework is that it needs a synergy between security, IT, business and the organization itself for a secure cloud. A strong framework typically encompasses stringent security policies, audit compliance, identity management, security control tools, a BYOD policy and a contingency plan.  But to ensure true compliance with cloud policies, organizations have to work closely with IT security teams to understand the unique challenges of cloud security and ways to protect sensitive data workloads. Additionally, educating and training users to comply with the organization’s cloud
policies can go a long way in achieving compliance.

Cloud computing is revolutionizing the way enterprises operate in today’s world with a slew of cost benefits and tremendous economies of scale. As with any other investment, it is your responsibility to ensure that cloud is protected as much as possible. With a robust set of security processes, tools, a clear  BYOD-compatible cloud computing strategy and a strong governance framework in place, there is a significant reduction in risk as you embark into the cloud. And the future is yours as long as your  organization continuously adapts to stay agile and competitive in a fast evolving cloud technology landscape.