
13 Tips for Cloud Security


Protecting your mission-critical data and applications in the cloud can best be accomplished through a joint effort between your organization and your cloud services provider (CSP).


Published in: Technology

Transcript

  • 1. 13 Tips for Cloud Security: Protecting your mission-critical data and applications in the cloud can best be accomplished through a joint effort between your organization and your cloud services provider (CSP). These 13 tips can help.
  • 2. Tip 1, Know Your Data: Classify the data you will be storing and/or processing in the cloud. How sensitive is it? Does it have value as intellectual property? Is it subject to privacy restrictions such as those specified by HIPAA or Safe Harbor or to standards such as PCI DSS? Then, define the security controls that are appropriate to protect that information. Make sure that the CSP has the appropriate logical and physical controls – and that they are effective.
  • 3. Tip 2, Monitor Data Usage: Create a transparent process that controls who can see the information you are storing and/or processing in the cloud, and then create a “self-destruct” policy for sensitive information that does not need to live indefinitely outside of the confines of your organization.
  • 4. Tip 3, Set Trust Levels: Consider two-factor or multi-factor authentication for all information that needs to be restricted. In addition, consider a tier structure for your access policies based on the level of trust you have for each person who has access to your data. Using the correct permissions and the rule of "least privilege" are among the best protections against accidental or malicious detection. This applies to your CSP too, as well as any companies that you may work with that could potentially have access to your data.
  • 5. Tip 4, Beef up Authentication Techniques: Strengthen your risk-based authentication techniques and issue security tokens to employees. You’ll also want to make sure your CSP employs identity access and authentication tools that are equal to or better than what you have in place. For added security, supplement authentication practices with safeguards such as device or IP tracking and behavioral profiling.
  • 6. Tip 5, Log and Report: Put comprehensive logging and reporting in place. Logging is critical for incident response and forensics – and the reports and findings after the incident are going to depend heavily on your logging infrastructure. Also, coordinate with your CSP and make sure performance metrics for reporting and auditing are included in your service agreement.
  • 7. Tip 6, Use Infrastructure Hardening: Make sure that your “golden image” virtual machines and VM templates are hardened and clean. This can be done with initial system hardening when you create the images. Take advantage of technologies that enable you to update the images offline with the latest service and security updates.
  • 8. Tip 7, Employ End-to-end Encryption: Protect sensitive data wherever it might be – in motion, at rest or in use. Use whole disk encryption, which ensures that all data on the disk – not just user data files – are encrypted. This can also help prevent offline attacks. All communications to host operating systems and virtual machines should also be encrypted.
  • 9. Tip 8, Hold Your Encryption Keys: Maintain an optimal security posture by holding the encryption keys. Make sure to retain ownership of your data by retaining ownership of the encryption keys – and not giving them to your CSP.
  • 10. Tip 9, Develop a Plan and Educate Your Response Team: How you respond to threats and adverse events – and how rapid that response is – is an important component of security. Document responses to events and implement programs to facilitate those responses. Ask your CSP to provide you with documentation of its response plan as well.
  • 11. Tip 10, Make Frequent Checks: Perform data integrity checks, such as Message Integrity Codes (parity, CRC), Message Authentication Codes (MD5/SHA) or Hashed Message Authentication Codes (HMACs) to detect data integrity compromise. If you detect data compromise, restore the data from backup or from a previous object version.
  • 12. Tip 11, Leverage Security-as-a-Service Solutions: Consider employing managed security solutions as an extra layer of protection. Security, delivered as a service, allows you to take advantage of leading-edge security technologies and specialized security expertise with no upfront capital investment.
  • 13. Tip 12, Isolate CSP Access: Make sure your CSP ensures isolation of access so that software, data and services can be safely partitioned within the cloud and that tenants sharing physical facilities cannot tap into their neighbors’ proprietary information and applications.
  • 14. Tip 13, Insist Upon CSP Transparency: Whether you are working with a CSP for the first time or have had a long-term business relationship, require maximum transparency into your CSP’s operations. CSPs should be able to provide log files, reports and applications that allow IT administrators to view data traversing their virtual networks and events within the cloud in near real time.
  • 15. To learn more about cloud security, including managed security services, contact Peak 10 at 866-473-2510 or email: solutions@peak10.com.
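
An added example for the integrity-check tip (slide 11) and the key-ownership tip (slide 9), not part of the original deck: it shows a keyed HMAC catching a change that a recomputed CRC lets through, then falling back to the previous object version. `VersionedStore`, the key and the sample records are constructed stand-ins for a versioned cloud bucket.

```python
import hashlib
import hmac
import zlib

KEY = b"constructed-demo-key"  # constructed; the real key stays with you, not the CSP

def crc_tag(data):
    return zlib.crc32(data)  # unkeyed: anyone who can write data can recompute it

def mac_tag(data, key=KEY):
    return hmac.new(key, data, hashlib.sha256).hexdigest()  # needs the key

class VersionedStore:
    """Toy stand-in for a cloud bucket with object versioning (hypothetical)."""
    def __init__(self):
        self._versions = {}  # name -> [(data, crc, mac), ...], oldest first
    def put(self, name, data, crc=None, mac=None):
        # Legitimate writers omit crc/mac, so correct tags are computed here.
        record = (data, crc_tag(data) if crc is None else crc,
                  mac_tag(data) if mac is None else mac)
        self._versions.setdefault(name, []).append(record)
    def history(self, name):
        return list(self._versions[name])

def crc_ok(record):
    data, crc, _ = record
    return crc_tag(data) == crc

def mac_ok(record, key=KEY):
    data, _, mac = record
    return hmac.compare_digest(mac_tag(data, key), mac)

def read_verified(store, name, key=KEY):
    """Return (data, versions_back) for the newest version whose HMAC verifies."""
    for back, record in enumerate(reversed(store.history(name))):
        if mac_ok(record, key):
            return record[0], back
    raise ValueError(f"no intact version of {name!r}")

def demo():
    store = VersionedStore()
    store.put("ledger.csv", b"acct,amount\n1001,250.00\n")  # constructed sample
    good = store.history("ledger.csv")[-1]
    # Constructed tampering: the data changes and the CRC is recomputed, but
    # without the key the writer can only replay the old HMAC.
    bad = b"acct,amount\n1001,950.00\n"
    store.put("ledger.csv", bad, crc=crc_tag(bad), mac=good[2])
    latest = store.history("ledger.csv")[-1]
    return crc_ok(latest), mac_ok(latest), read_verified(store, "ledger.csv")
```

`demo()` returns the CRC result, the HMAC result and the recovered data for the tampered object; the check is only as strong as the secrecy of the key, which is why it belongs outside the CSP.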
