Cloud Security Best Practices: What You Need To Know
As more and more businesses move to the cloud, cloud security best practices continue to be a topic of discussion. Organizations utilize the cloud in order to take advantage of the mobility it provides. Having anywhere, anytime and any device access to your data and applications tremendously boosts productivity. Another reason to consider cloud computing is to lower your IT maintenance costs and to mitigate the risks of data loss and downtime, which are more commonly a problem when you’re on an on-premise solution due to the complexity of providing these types of systems. Just consider the following compelling numbers for users of on-premise systems [1]:
- 50% of all tape backups fail to restore
- 96% of business workstations are not backed up routinely
- 94% of businesses that experience a big data loss go out of business
These numbers tell us that there is great complexity and risk when running your data in an on-premise system, whereas using a cloud computing environment makes this simple and easy to use. Cloud computing also allows you to scale more quickly.
While the benefits of cloud computing are clear, hesitation remains on the part of some due to negative perceptions surrounding cloud security. These perceptions unfortunately hold organizations back from achieving the mobility needed to keep up in the modern business world. Once an organization understands their role in keeping cloud systems secure, including key steps they can take to prevent a security breach, they can put into place cloud security policies and practices that retain the safety and security of their data and finally move up to the cloud.
What Cloud Security Best Practices Should Your Company Follow?
Cloud security responsibilities are jointly shared between a cloud services provider and its customers. Below, we’ve identified three important cloud security best practices your organization should follow when moving to the cloud.
1. Ensure that data encryption in transit is in place
Ensuring the privacy of all data communication between your users and applications is critical. Make sure that the cloud applications you are using have current SSL Certificates. Secure Sockets Layer (SSL) is the industry standard security technology used by millions of websites in the protection of online transactions. Both you and your customers know that the transactions within the browser are secure when you see a key indicator, or lock icon, in the browser window. Clicking on the lock icon will display information about the SSL Certificate. SSL Certificates do expire and need to be renewed. For many cloud applications, the provider manages SSL Certificates and renewals for you, while others do not. It’s important that you know how your SSL Certificates will be managed and that you keep up with renewals. You’ll also want to make sure password encryption is in place.
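One way to keep up with renewals is to track every endpoint's certificate expiry together with who is responsible for renewing it. The sketch below is an added example, not code from the original article; the host names, the `managed_by` field and the 30-day warning window are assumptions.

```python
import socket
import ssl
from datetime import datetime, timezone

def fetch_not_after(host, port=443, timeout=5.0):
    """Handshake with full chain and hostname verification; return notAfter."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]

def days_left(not_after, now):
    """Whole days until expiry; negative once the certificate has expired."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after),
                                     timezone.utc)
    return (expires - now).days

def renewal_report(inventory, now, warn_days=30):
    """Sort endpoints into expired / renew_now / ok, keeping the owner."""
    report = {"expired": [], "renew_now": [], "ok": []}
    for item in inventory:
        remaining = days_left(item["not_after"], now)
        if remaining < 0:
            bucket = "expired"
        elif remaining <= warn_days:
            bucket = "renew_now"
        else:
            bucket = "ok"
        report[bucket].append((item["host"], item["managed_by"], remaining))
    return report

# Constructed sample inventory (hypothetical hosts). In production the
# not_after value would come from fetch_not_after(host).
SAMPLE = [
    {"host": "app.example.com", "managed_by": "provider",
     "not_after": "Sep 30 12:00:00 2024 GMT"},
    {"host": "erp.example.com", "managed_by": "customer",
     "not_after": "Jun 15 12:00:00 2024 GMT"},
    {"host": "old.example.com", "managed_by": "customer",
     "not_after": "May  1 12:00:00 2024 GMT"},
]

if __name__ == "__main__":
    now = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)
    for bucket, rows in renewal_report(SAMPLE, now).items():
        print(bucket, rows)
```

Entries marked `customer` in the `expired` or `renew_now` buckets are the ones your own team has to act on; `provider` entries are worth raising with the vendor.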
2. Set Stringent Password Policies and Controls
Even if users start out initially with secure passwords, it’s likely they will later change the passwords to be simpler for ease of logging in. In many cloud systems, you can prevent that by configuring a group policy for passwords in the system’s settings. The following settings help to make passwords more secure:
- Minimum and maximum password age settings, which allow you to identify the range of time for which a user may keep a password
- Complexity requirements, which help users create secure passwords. Requirements to consider include:
  - Length of password
  - Characters required, for example that the password must contain uppercase and lowercase letters, numbers and symbols
  - Limits on the password, for example that it cannot contain certain words or parts of words, such as the user’s and organization’s names
- Password history options that allow you to set how frequently old passwords can be reused
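The settings listed above can be expressed as a single check that runs whenever a user requests a password change. This is an added example, not code from the original article or from any particular cloud system; the default values, the PBKDF2 work factor and the rule that name parts of three or more characters are banned are assumptions.

```python
import hashlib
import hmac
import os
import re
from dataclasses import dataclass
from datetime import timedelta

ITERATIONS = 100_000  # assumed work factor for this demo

@dataclass(frozen=True)
class PasswordPolicy:  # all default values are assumptions
    min_length: int = 12
    min_age: timedelta = timedelta(days=1)
    max_age: timedelta = timedelta(days=90)
    history_size: int = 5
    banned_names: tuple = ()  # user and organization names

def hash_entry(password, salt=None):
    """Return a (salt, digest) pair; the history never stores plaintext."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def is_expired(policy, last_changed, now):
    """Maximum age: the user must pick a new password after this long."""
    return now - last_changed > policy.max_age

def check_change(policy, new_password, last_changed, history, now):
    """Return the list of policy violations for a requested change."""
    problems = []
    if now - last_changed < policy.min_age:  # stops cycling through history
        problems.append("minimum password age not reached")
    if len(new_password) < policy.min_length:
        problems.append("too short")
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    if not all(re.search(c, new_password) for c in classes):
        problems.append("needs upper, lower, digit and symbol")
    lowered = new_password.lower()
    parts = {p for name in policy.banned_names
             for p in re.split(r"[^a-z0-9]+", name.lower()) if len(p) >= 3}
    if any(p in lowered for p in parts):
        problems.append("contains part of a banned name")
    recent = history[-policy.history_size:] if policy.history_size else []
    if any(hmac.compare_digest(hash_entry(new_password, s)[1], d) for s, d in recent):
        problems.append("reused from password history")
    return problems
```

The minimum age matters for the history rule: without it, a user can change the password several times in a row and return to the old one.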
3. Protect and Secure Users’ Devices
Laptops, tablets and smartphones are all mobile computers with the same security concerns as a PC. If your users are doing business with these mobile devices, they need to follow best practices that help to protect their devices. Among those we highly recommend are:
- Incorporating two-factor authentication, which would require an application password as well as Multi-Factor Authentication (MFA) tokens. MFA is a security system that often has to be set up through an integration with the application.
- Setting secure device passcodes to lock phones and other devices.
- Keeping the device software current, including the operating systems, security software and web browsers.
- Being careful not to access or send private, confidential or sensitive data when using an unsecured or unprotected network.
- Adjusting the security settings that control who can access your device when you are using a Wi-Fi hotspot.
What Security Features Should Your Cloud Providers Manage?
When running your data in the cloud, you are relying on the security practices of your cloud services providers. You’ll want to do your homework to make sure that your cloud services providers follow industry best practices in securing your systems and data. Below are features we recommend looking into.
1. Consider encrypting your data at rest
This is an extra layer of complexity and results in some performance overhead. It also means you need a key to encrypt the data and if you lose the key your data is gone. Whatever application you use must also support this type of encryption. Even with the extra overhead, it can be worth the effort in order to achieve the highest levels of protection for sensitive or private data.
2. Ensure your cloud services provider “shreds” your data when no longer utilizing a server
Once you are no longer utilizing a cloud server and before the server gets reused by another party, your cloud services provider needs to “shred” your data so it’s no longer recoverable, up to military standards.
3. Ensure your cloud services provider offers high data availability
To ensure the highest level of 24×7 availability, your cloud services provider should follow these best practices:
- Firewalls protect applications from intrusion and unnecessary access.
- Data is securely replicated on redundant servers and databases located in different regions for disaster recovery purposes. If one of the servers or zones has a failure, the continuity of your business is ensured as another zone immediately picks up the load.
- Environmental control, continuous system monitoring, and regular preventative maintenance are in place for optimal system performance.
- Data center monitoring, including professional security and surveillance systems, protects your data 24×7.
- Power backups, fire detection and suppression systems intended for use in data centers reduce the risk of data loss during outages or fires.
At Trek Global, the Infrastructure as a Service (IaaS) provider of choice is Amazon Web Services. Trek Global’s Network Administrator, Isaiah Salinas, described why he prefers to work with AWS over Microsoft Azure and Google Cloud Platform, which are two other top IaaS providers: “The reason I’ve always preferred AWS over other cloud providers is partly that they’ve been doing it longer, but also the biggest reason is that they have the best security architecture in place for our customers.”
Trek Global provides cloud enterprise solutions for organizations of all sizes that need mobility and high levels of security for their data and systems. As early cloud adopters, we’ve successfully worked with AWS for more than 10 years, helping many companies along the way make the move up to the cloud.
[1] Unitrends, 7 Shortcuts to Losing Your Data.