Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

13 Tips for Cloud Security

Protecting your mission-critical data and applications in the cloud can best be accomplished through a joint effort between your organization and your cloud services provider (CSP).

  • Be the first to comment

  • Be the first to like this

13 Tips for Cloud Security

  1. 1. 13 tips for cloud security Protecting your mission-critical data and applications in the cloud can best be accomplished through a joint effort between your organization and your cloud services provider (CSP). These 13 tips can help.
  2. 2. Know Your Data Classify the data you will be storing and/or processing in the cloud. How sensitive is it? Does it have value as intellectual property? Is it subject to privacy restrictions such as those specified by HIPAA or Safe Harbor or to standards such as PCI DSS? Then, define the security controls that are appropriate to protect that information. Make sure that the CSP has the appropriate logical and physical controls ─ and that they are effective. “Classify the data you will be storing and/or processing in the cloud.” Know 1
  3. 3. Monitor Create a transparent process that controls who can see the information you are storing and/ or processing in the cloud, and then create a “self-destruct” policy for sensitive information that does not need to live indefinitely outside of the confines of your organization. “Create a transparent process that controls who can see information you are storing...” Monito 2 Data Usage
  4. 4. 3 Consider two-factor or multi-factor authentication for all information that needs to be restricted. In addition, consider a tier structure for your access policies based on the level of trust you have for each person who has access to your data. Using the correct permissions and the rule of the "least privilege" are among the best protections against accidental or malicious detection. This applies to your CSP too, as well as any companies that you may work with that could potentially have access to your data. “Consider two-factor or multi-factor authentication for all information that needs to be restricted.” 3 Set Set Trust Levels
  5. 5. Beef up Strengthen your risk-based authentication techniques and issue security tokens to employees. You’ll also want to make sure your CSP employs identity access and authentication tools that are equal or better then what you have in place. For added security, supplement authentication practices with safeguards such as device or IP tracking and behavioral profiling. “Strengthen your riskbased authentication techniques and issue security tokens to employees.” 4 Beef up 4 Authentication Techniques
  6. 6. Log and Report Put comprehensive logging and reporting in place. Logging is critical for incident response and forensics – and the reports and findings after the incident are going to depend heavily on your logging infrastructure. Also, coordinate with your CSP and make sure performance metrics for reporting and auditing are included in your service agreement. “Also, coordinate with your CSP and make sure performance metrics for reporting and auditing are included in your service agreement.” 5 Log 5
  7. 7. 6 Make sure that your “golden image” virtual machines and VM templates are hardened and clean. This can be done with initial system hardening when you create the images. Take advantage of technologies that enable you to update the images offline with the latest service and security updates. “Take advantage of technologies that enable you to update the images offline with the latest service and security updates.” Use Use Infrastructure Hardening
  8. 8. Employ Protect sensitive data wherever it might be ─ in motion, at rest or in use. Use whole disk encryption, which ensures that all data on the disk ─ not just user data files ─ are encrypted. This can also help prevent offline attacks. All communications to host operating systems and virtual machines should also be encrypted. “All communications to host operating systems and virtual machines should also be encrypted.” Emplo 7 End-to-end Encryption
  9. 9. 8 Maintain an optimal security posture by holding the encryption keys. Make sure to retain ownership of your data by retaining ownership of the encryption keys ─ and not giving them to your CSP. “Make sure to retain ownership of your data by retaining ownership of the encryption keys — and not giving them to your CSP.” Hold Hold Your Encryption Keys
  10. 10. Develop How you respond to threats and adverse events – and how rapid that response is – is an important component of security. Document responses to events and implement programs to facilitate those responses. Ask your CSP to provide you with documentation of its response plan as well. “Document responses to events and implement programs to facilitate those responses.” 9 Develo 9 a Plan and Educate Your Response Team
  11. 11. 10 Perform data integrity checks, such as Message Integrity Codes (parity, CRC), Message Authentication Codes (MD5/ SHA) or Hashed Message Authentication Codes (HMACs) to detect data integrity compromise. If you detect data compromise, restore the data from backup or from a previous object version. “If you detect data compromise, restore the data from backup or from a previous object version.” 10 Make Make Frequent Checks
  12. 12. Leverage Consider employing managed security solutions as an extra layer of protection. Security, delivered as a service, allows you to take advantage of leading-edge security technologies and specialized security expertise with no upfront capital investment. “Consider employing managed security solutions as an extra layer of protection.” 11 Security-as-aService Solutions Levera 11
  13. 13. Isolate CSP Access Make sure your CSP ensures isolation of access so that software, data and services can be safely partitioned within the cloud and that tenants sharing physical facilities cannot tap into their neighbors’ proprietary information and applications. “..tenants sharing physical facilities cannot tap into their neighbors’ proprietary information and applications.” 12 Isolate 12
  14. 14. 13 Whether you are working with a CSP for the first time or have had a long-term business relationship, require maximum transparency into your CSP’s operations. CSPs should be able to provide log files, reports and applications that allow IT administrators to view data traversing their virtual networks and events within the cloud in near real time. “...require maximum transparency into your CSP’s operations.” 11 Insist Insist Upon CSP Transparency
  15. 15. To learn more about cloud security, including managed security services, contact Peak 10 at 866-473-2510 or email: solutions@peak10.com.

    Be the first to comment

    Login to see the comments

Protecting your mission-critical data and applications in the cloud can best be accomplished through a joint effort between your organization and your cloud services provider (CSP).

Views

Total views

300

On Slideshare

0

From embeds

0

Number of embeds

2

Actions

Downloads

7

Shares

0

Comments

0

Likes

0

×