13 Tips for Cloud Security

Protecting your mission-critical data
and applications in the cloud can best
be accomplished through a joint effort
between your organization and your
cloud services provider (CSP).

These 13 tips can help.

1. Know Your Data

Classify the data you will be storing and/or
processing in the cloud. How sensitive is it?
Does it have value as intellectual property?
Is it subject to privacy restrictions such as
those specified by HIPAA or Safe Harbor or
to standards such as PCI DSS? Then, define
the security controls that are appropriate to
protect that information. Make sure that the
CSP has the appropriate logical and physical
controls, and that they are effective.

2. Monitor Data Usage

Create a transparent process that controls who
can see the information you are storing and/or
processing in the cloud, and then create a
“self-destruct” policy for sensitive information
that does not need to live indefinitely outside
of the confines of your organization.

3. Set Trust Levels

Consider two-factor or multi-factor authentication
for all information that needs to be restricted. In
addition, consider a tier structure for your access
policies based on the level of trust you have for
each person who has access to your data. Using
the correct permissions and the rule of "least
privilege" are among the best protections against
accidental or malicious detection. This applies to
your CSP too, as well as any companies that you
may work with that could potentially have access
to your data.

4. Beef up Authentication Techniques

Strengthen your risk-based authentication
techniques and issue security tokens to
employees. You’ll also want to make sure
your CSP employs identity access and
authentication tools that are equal to or better
than what you have in place. For added
security, supplement authentication practices
with safeguards such as device or IP tracking
and behavioral profiling.

5. Log and Report

Put comprehensive logging and reporting in
place. Logging is critical for incident response
and forensics – and the reports and findings
after the incident are going to depend heavily
on your logging infrastructure. Also, coordinate
with your CSP and make sure performance
metrics for reporting and auditing are included
in your service agreement.

6. Use Infrastructure Hardening

Make sure that your “golden image” virtual
machines and VM templates are hardened
and clean. This can be done with initial system
hardening when you create the images. Take
advantage of technologies that enable you
to update the images offline with the latest
service and security updates.

7. Employ End-to-end Encryption

Protect sensitive data wherever it might
be: in motion, at rest or in use. Use whole
disk encryption, which ensures that all
data on the disk, not just user data files,
is encrypted. This can also help prevent
offline attacks. All communications to host
operating systems and virtual machines
should also be encrypted.

8. Hold Your Encryption Keys

Maintain an optimal security posture by
holding the encryption keys. Make sure to
retain ownership of your data by retaining
ownership of the encryption keys, and not
giving them to your CSP.

9. Develop a Plan and Educate Your Response Team

How you respond to threats and adverse
events – and how rapid that response is – is an
important component of security. Document
responses to events and implement programs
to facilitate those responses. Ask your CSP
to provide you with documentation of its
response plan as well.

10. Make Frequent Checks

Perform data integrity checks, such as
Message Integrity Codes (parity, CRC),
Message Authentication Codes (MD5/SHA)
or Hashed Message Authentication
Codes (HMACs) to detect data integrity
compromise. If you detect data compromise,
restore the data from backup or from a
previous object version.
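
An added example (not part of the original slides) of the check-and-restore step in tip 10, combined with tip 8's advice to hold your own keys: each object version is stored with an unkeyed CRC and an HMAC-SHA256 tag, and the audit shows that a change made together with a refreshed CRC is caught only by the keyed tag. The in-memory store, object names, key and helper functions are constructed for illustration.

```python
import hashlib
import hmac
import zlib

# Constructed key for the demo; in practice it is generated and kept on the
# customer side, never stored next to the data at the CSP.
INTEGRITY_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)


def crc32(data: bytes) -> int:
    """Unkeyed checksum: catches accidental corruption only."""
    return zlib.crc32(data) & 0xFFFFFFFF


def hmac_tag(key: bytes, name: str, data: bytes) -> str:
    """Keyed tag over the object name and content (HMAC-SHA256)."""
    encoded = name.encode("utf-8")
    # Length-prefix the name so different (name, data) pairs cannot collide.
    message = len(encoded).to_bytes(4, "big") + encoded + data
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def put(store: dict, key: bytes, name: str, data: bytes) -> None:
    """Append a new version of an object with both integrity values."""
    store.setdefault(name, []).append(
        {"data": data, "crc": crc32(data), "tag": hmac_tag(key, name, data)}
    )


def check(key: bytes, name: str, version: dict) -> dict:
    """Report which of the two checks a stored version passes."""
    return {
        "crc_ok": crc32(version["data"]) == version["crc"],
        "hmac_ok": hmac.compare_digest(
            hmac_tag(key, name, version["data"]), version["tag"]
        ),
    }


def audit_and_restore(store: dict, key: bytes) -> dict:
    """Verify the latest version of every object. On an HMAC failure, roll
    back to the newest earlier version whose tag still verifies."""
    report = {}
    for name, versions in store.items():
        result = check(key, name, versions[-1])
        restored_from = None
        if not result["hmac_ok"]:
            for index in range(len(versions) - 2, -1, -1):
                if check(key, name, versions[index])["hmac_ok"]:
                    # Re-publish the verified content as the new latest version.
                    versions.append(dict(versions[index]))
                    restored_from = index
                    break
        report[name] = {**result, "restored_from": restored_from}
    return report


def build_demo_store() -> dict:
    """Constructed sample data: three objects, two of them altered."""
    store = {}
    put(store, INTEGRITY_KEY, "reports/q1.csv", b"region,revenue\neast,100\n")
    put(store, INTEGRITY_KEY, "reports/q1.csv", b"region,revenue\neast,120\n")
    put(store, INTEGRITY_KEY, "config/app.ini", b"[db]\nhost=db1\n")
    put(store, INTEGRITY_KEY, "config/app.ini", b"[db]\nhost=db2\n")
    put(store, INTEGRITY_KEY, "notes/readme.txt", b"unchanged\n")

    # Case 1: accidental corruption. One byte differs, stored values untouched.
    latest = store["reports/q1.csv"][-1]
    latest["data"] = latest["data"].replace(b"120", b"121")

    # Case 2: content changed by a party without the key. The unkeyed CRC can
    # be refreshed to match, but a valid HMAC tag cannot be produced.
    latest = store["config/app.ini"][-1]
    latest["data"] = b"[db]\nhost=db9\n"
    latest["crc"] = crc32(latest["data"])
    return store


if __name__ == "__main__":
    demo = build_demo_store()
    for obj, status in audit_and_restore(demo, INTEGRITY_KEY).items():
        print(obj, status)
```

The same pattern applies to a CSP's native object versioning: keep the tag alongside the object as metadata and the key in your own key management, so the audit can run without trusting the storage side.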

11. Leverage Security-as-a-Service Solutions

Consider employing managed security
solutions as an extra layer of protection.
Security, delivered as a service, allows you
to take advantage of leading-edge security
technologies and specialized security expertise
with no upfront capital investment.

12. Isolate CSP Access

Make sure your CSP ensures isolation of
access so that software, data and services
can be safely partitioned within the cloud
and that tenants sharing physical facilities
cannot tap into their neighbors’ proprietary
information and applications.

13. Insist Upon CSP Transparency

Whether you are working with a CSP for the
first time or have had a long-term business
relationship, require maximum transparency
into your CSP’s operations. CSPs should
be able to provide log files, reports and
applications that allow IT administrators to
view data traversing their virtual networks
and events within the cloud in near real time.

To learn more about cloud security, including
managed security services, contact Peak 10 at
866-473-2510 or email: solutions@peak10.com.

Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyFreshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
AWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptxAWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptx
 
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
 
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
 

13 Tips for Cloud Security

  • 1. 13 tips for cloud security: Protecting your mission-critical data and applications in the cloud can best be accomplished through a joint effort between your organization and your cloud services provider (CSP). These 13 tips can help.
  • 2. Tip 1: Know Your Data. Classify the data you will be storing and/or processing in the cloud. How sensitive is it? Does it have value as intellectual property? Is it subject to privacy restrictions such as those specified by HIPAA or Safe Harbor or to standards such as PCI DSS? Then, define the security controls that are appropriate to protect that information. Make sure that the CSP has the appropriate logical and physical controls, and that they are effective.
  • 3. Tip 2: Monitor Data Usage. Create a transparent process that controls who can see the information you are storing and/or processing in the cloud, and then create a “self-destruct” policy for sensitive information that does not need to live indefinitely outside of the confines of your organization.
  • 4. Tip 3: Set Trust Levels. Consider two-factor or multi-factor authentication for all information that needs to be restricted. In addition, consider a tier structure for your access policies based on the level of trust you have for each person who has access to your data. Using the correct permissions and the rule of the "least privilege" are among the best protections against accidental or malicious detection. This applies to your CSP too, as well as any companies that you may work with that could potentially have access to your data.
  • 5. Tip 4: Beef up Authentication Techniques. Strengthen your risk-based authentication techniques and issue security tokens to employees. You’ll also want to make sure your CSP employs identity access and authentication tools that are equal to or better than what you have in place. For added security, supplement authentication practices with safeguards such as device or IP tracking and behavioral profiling.
  • 6. Tip 5: Log and Report. Put comprehensive logging and reporting in place. Logging is critical for incident response and forensics – and the reports and findings after the incident are going to depend heavily on your logging infrastructure. Also, coordinate with your CSP and make sure performance metrics for reporting and auditing are included in your service agreement.
  • 7. Tip 6: Use Infrastructure Hardening. Make sure that your “golden image” virtual machines and VM templates are hardened and clean. This can be done with initial system hardening when you create the images. Take advantage of technologies that enable you to update the images offline with the latest service and security updates.
  • 8. Tip 7: Employ End-to-end Encryption. Protect sensitive data wherever it might be: in motion, at rest or in use. Use whole disk encryption, which ensures that all data on the disk (not just user data files) are encrypted. This can also help prevent offline attacks. All communications to host operating systems and virtual machines should also be encrypted.
  • 9. Tip 8: Hold Your Encryption Keys. Maintain an optimal security posture by holding the encryption keys. Make sure to retain ownership of your data by retaining ownership of the encryption keys, and not giving them to your CSP.
  • 10. Tip 9: Develop a Plan and Educate Your Response Team. How you respond to threats and adverse events – and how rapid that response is – is an important component of security. Document responses to events and implement programs to facilitate those responses. Ask your CSP to provide you with documentation of its response plan as well.
  • 11. Tip 10: Make Frequent Checks. Perform data integrity checks, such as Message Integrity Codes (parity, CRC), Message Authentication Codes (MD5/SHA) or Hashed Message Authentication Codes (HMACs) to detect data integrity compromise. If you detect data compromise, restore the data from backup or from a previous object version.
  • 12. Tip 11: Leverage Security-as-a-Service Solutions. Consider employing managed security solutions as an extra layer of protection. Security, delivered as a service, allows you to take advantage of leading-edge security technologies and specialized security expertise with no upfront capital investment.
  • 13. Tip 12: Isolate CSP Access. Make sure your CSP ensures isolation of access so that software, data and services can be safely partitioned within the cloud and that tenants sharing physical facilities cannot tap into their neighbors’ proprietary information and applications.
  • 14. Tip 13: Insist Upon CSP Transparency. Whether you are working with a CSP for the first time or have had a long-term business relationship, require maximum transparency into your CSP’s operations. CSPs should be able to provide log files, reports and applications that allow IT administrators to view data traversing their virtual networks and events within the cloud in near real time.
  • 15. To learn more about cloud security, including managed security services, contact Peak 10 at 866-473-2510 or email: solutions@peak10.com.
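
The integrity check and restore step from the "Make Frequent Checks" tip, combined with the customer-held key from the "Hold Your Encryption Keys" tip, as an added example that is not part of the original slides. The key, the record layout and the sample object versions are constructed for illustration; the point it shows is that an unkeyed CRC can be recomputed by whoever alters the data, while an HMAC under a key the storage side never sees cannot.

```python
import hashlib
import hmac
import zlib


def seal(key, data):
    """Build the record stored beside an object: unkeyed CRC32 plus keyed HMAC-SHA256."""
    return {"data": data,
            "crc": zlib.crc32(data),
            "hmac": hmac.new(key, data, hashlib.sha256).hexdigest()}


def crc_ok(rec):
    """CRC catches accidental corruption only; anyone can recompute it."""
    return zlib.crc32(rec["data"]) == rec["crc"]


def hmac_ok(key, rec):
    """Recompute the tag with the customer-held key and compare in constant time."""
    expected = hmac.new(key, rec["data"], hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, rec["hmac"])


def newest_intact(key, versions):
    """Walk object versions newest-first; return (index, data) of the first
    one whose HMAC verifies, or None if every version fails."""
    for idx in range(len(versions) - 1, -1, -1):
        if hmac_ok(key, versions[idx]):
            return idx, versions[idx]["data"]
    return None


def build_demo():
    """Constructed sample: two versions of one object, the newest altered in storage."""
    key = b"constructed-demo-key-held-by-customer"  # hypothetical; never given to the CSP
    v0 = seal(key, b"balance=100")
    v1 = seal(key, b"balance=250")
    # Someone with write access to storage, but without the key, changes the
    # data and recomputes the unkeyed CRC so that it still matches.
    altered = dict(v1, data=b"balance=999999")
    altered["crc"] = zlib.crc32(altered["data"])
    return key, [v0, altered]


if __name__ == "__main__":
    key, versions = build_demo()
    print("CRC check on newest version passes:", crc_ok(versions[-1]))
    print("HMAC check on newest version passes:", hmac_ok(key, versions[-1]))
    print("Restore from:", newest_intact(key, versions))
```
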