Cloud Security

 


Over the past decade in IT, I have witnessed the trend shift from physical hardware and software networks to virtual computing such as VMware, and more recently toward cloud computing. According to www.CIO.com, cloud services offer a multitude of benefits, including but not limited to reduced infrastructure complexity, rapid provisioning, and hardware consolidation (Tenable, 2015). However, the move to the cloud brings new challenges as well. These include sprawl, dynamic environments, many layers and many players, and securing cloud environments. To properly secure a cloud environment, you must define policies and procedures, make a plan to stay compliant with change control, plan to harden and control systems, scan the environment, make sure the right people have access to the right data, fix the problems identified in these processes, and repeat this on a regular basis (Tenable, 2015).

There are four important cloud security solutions: visibility into cloud data, control over cloud data, access to cloud data and applications, and compliance (McAfee, 2015). To have visibility into cloud data, one must know what data is stored in the cloud, who is using that data, the roles of the users with access to it, who those users share the data with, where the data is stored and located, and finally which devices are accessing and downloading it. Once you know who is accessing the cloud data, what they are accessing, and how, cloud controls must be applied to secure it (McAfee, 2015). This is done through data classification, data loss prevention, collaboration controls, and encryption. Data should be classified by access level, such as sensitive, regular, or public. A data loss prevention solution can be implemented to prevent unauthorized access to cloud data. Collaboration controls can be implemented in the cloud to downgrade folder or file permissions, remove permissions, and revoke shared links. Finally, encryption can be implemented to secure the data itself, even if the environment has been hacked or compromised (McAfee, 2015).
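The following is an added example, not taken from the original post or its sources, that applies the collaboration controls and encryption check described above to a constructed file inventory. The record fields, the per-classification sharing policy, and the `example.com` organization domain are all assumptions.

```python
from dataclasses import dataclass, field

# Widest sharing allowed per classification level (assumed policy, not from the sources).
POLICY = {
    "sensitive": {"public_link": False, "external": None},    # no outside access
    "regular":   {"public_link": False, "external": "view"},  # outside read-only
    "public":    {"public_link": True,  "external": "edit"},
}
RANK = {None: 0, "view": 1, "edit": 2}

@dataclass
class CloudFile:                                # field names are assumptions
    path: str
    classification: str                         # sensitive | regular | public
    shares: dict = field(default_factory=dict)  # user -> "view" | "edit"
    public_link: bool = False
    encrypted: bool = False

def plan_controls(files, org_domain):
    """Return (path, action, detail) for each sharing or encryption violation."""
    actions = []
    for f in files:
        rule = POLICY.get(f.classification)
        if rule is None:  # unclassified data cannot be evaluated; flag it first
            actions.append((f.path, "classify", "unknown classification"))
            continue
        if f.public_link and not rule["public_link"]:
            actions.append((f.path, "revoke_link", "shared link not allowed"))
        for user, level in sorted(f.shares.items()):
            if user.lower().rpartition("@")[2] == org_domain:
                continue  # internal user; role review is out of scope here
            allowed = rule["external"]
            if allowed is None:
                actions.append((f.path, "remove_permission", user))
            elif RANK.get(level, 2) > RANK[allowed]:
                actions.append((f.path, "downgrade_permission", f"{user}: {level} -> {allowed}"))
        if f.classification == "sensitive" and not f.encrypted:
            actions.append((f.path, "encrypt", "stored unencrypted"))
    return actions

# Constructed sample inventory.
INVENTORY = [
    CloudFile("/hr/payroll.xlsx", "sensitive", {"amy@example.com": "edit", "vendor@partner.test": "view"}, public_link=True),
    CloudFile("/eng/roadmap.docx", "regular", {"contractor@partner.test": "edit"}, encrypted=True),
    CloudFile("/web/brochure.pdf", "public", {"press@news.test": "view"}, public_link=True),
    CloudFile("/tmp/export.csv", "unlabeled"),
]
if __name__ == "__main__":
    for path, action, detail in plan_controls(INVENTORY, "example.com"):
        print(f"{action:22} {path:20} {detail}")
```

Files with no recognized classification are reported first, since none of the other controls can be evaluated until the data is labeled.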

A special challenge introduced with cloud environments is that adding cloud technology also adds other teams and skillsets to the security mix of the environment (Tenable, 2015). A lack of knowledge and training may also enter the picture, since cloud technology is still relatively new. This can quickly create silos of expertise, which can make it difficult to gauge the actual risk profile of the environment. These challenges can be mitigated by developing and implementing both a proper cloud security training program and policies and procedures such as an enterprise security plan, along with unique risk assessments.

 

References

Tenable. (2015, November 11). Challenges of managing security for virtual and cloud environments. CIO. Retrieved December 25, 2021, from https://www.cio.com/article/242645/challenges-of-managing-security-for-virtual-and-cloud-environments.html

McAfee. (n.d.). What is cloud security? How to secure the cloud. Retrieved December 25, 2021, from https://www.mcafee.com/enterprise/en-us/security-awareness/cloud.html
