Developing cloud security best practices to ensure resilient and reliable architecture for the business
Everybody knows about the cloud. It’s the space within which data and software applications thrive, accessing and storing information that drives business intelligence, storage, insights and infrastructure. It’s also become a security concern for any organisation that’s paid attention to the news. Hacks, breaches, fraud, loopholes and weak employee security practices continue to place the organisation at risk – a risk that has to be managed to ensure compliance with global data regulatory requirements such as the General Data Protection Regulation (GDPR) in the European Union, the California Consumer Privacy Act (CCPA) in the United States.
Cloud, while ubiquitous and invaluable, has a lot to answer for when it comes to securing both data and the organisation. Some of the main concerns of Office 365 security managers include human access, cloud misconfiguration, data leakages and API abuse. Here we take a look at methodologies and solutions that can be used for securing data in the cloud.
Cloud security best practices
Challenge 01: Human Access: managing unauthorized access
One of the primary ways in which the organisation can suffer from a data breach is through unauthorized access to either system or premises. This can come about as the result of a hack or due to employee negligence, but is one of the leading causes of information and data loss from within the enterprise.
On the physical front, securing access to premises can be managed, ironically, through the use of cloud solutions that blend the physical with the virtual for a holistic view of the company. Using biometrics, ID cards, and multi-factor authentication methods, security managers can lock down secure area access. Multi-factor authentication has become one of the de facto solutions for both physical and virtual security as it only grants access once several systems have been bypassed at the same time. If a stolen employee ID card is used to access the building, further access can only be granted by biometric identification or an alternative form of ID. Smart access control systems have become increasingly popular as they can integrate with digital cameras and other digital systems to provide intelligent insights into employee behavior which allows for aberrations to be detected in time.
On the virtual front, multi-factor authentication across biometrics, passwords, and ID provide a solid wall of protection from unauthorized access. In addition, it is the first step recommended by Microsoft as best practice for security Office 365 and Microsoft 365 business. Of course, it goes without saying that any passwords used by employees be strong enough to withstand a hack. As the most common passwords still remain 12345 and qwerty, this is a vital part of employee education.
Challenge 02: Cloud Misconfiguration – Wrong Credentials and Sharing
A 2016 survey of 17 million users across 600 enterprises found that 71.4% of Office 365 Business users have one compromised account a month. That’s a significant hole in the security system and one that can be resolved through accurate configuration of the system. It’s also worth working with an external company that can provide you with insight into your vulnerabilities so you can develop a comprehensive cloud access security strategy. What you need is visibility into your configuration, credentials and sharing to ensure that your systems have the right layers of protection in place.
Misconfiguration can present a significant risk. Earlier this year, misconfigured security settings in an Azure-hosted database resulted in around 250 million technical support accounts being exposed. Microsoft’s analysis of the situation found the problem – a misconfiguration of security rules with the database’s network security group.
In conjunction with identity access management tools as mentioned earlier, organisations should consider investing into intrusion controls and network security tools that can provide end-to-end security. This should come hand-in-hand with an incident response strategy and team that’s in place to minimize the damage should a breach come about as a result of a misconfigured system or access through illegally obtained credentials.
Challenge 03: Data Leakages – Private and Confidential Data
According to IBM Research, data leaks from misconfigured cloud systems have increased by a significant percentage and the cost has followed suit. Private and confidential data has to be protected by stringent security measures to ensure compliance with regulation and to avoid the unpleasant results of a hack – loss of reputation and revenue, for example. In addition to the cloud security best practices of multi-factor authentication, access control, network security, incident response and security managers should invest into cloud visibility tools. These can help minimise the problems caused by human error, potentially identify issues before they become a threat, and create a more holistic view of the cloud security system overall.
Enterprise-level reporting and real-time reporting tools are also powerful visibility solutions that can offer insight into internal behaviors and access. These can aggregate data from across all SharePoint platforms and provide on the hour insights into system usage, increasing transparency and improving security.
Challenge 04: API – Abuse of open keys and credentials
Cloud has introduced some remarkable innovations, not least of which being the Internet of Things (IoT) and the ubiquity of mobile devices and solutions. Their phenomenal success has been, in part, due to the explosion of APIs that facilitate communication across platform, device and system. However, these APIs have become a threat vector for the business, often leaving wide open vulnerabilities for attackers to exploit. They have also become a target for sophisticated attacks as they’re often the link to private and confidential information.
The problem is that many APIs are not configured to manage the correct authentication protocols and they lack solid encryption. To bypass this problem, organisations need to focus on solid endpoint security solutions, implementing robust authentication systems, and visibility into API calls and interactions. Considering working with a company that can provide you with enhanced API abilities that can be integrated into your SharePoint and Office 365 systems and that are configured to map back to market leading security specifications.
Cloud Storage Security Issues
Cloud, of course, is synonymous with storage. It’s the vast and untamed wilderness of data lakes and pools and storage solutions that allow organisations to capture every last drop of information gleaned from customer, business and interaction. It is also an area of concern for cybersecurity professionals. Secure data storage is an asset. It may present logistical challenges in terms of regulation and compliance, but it’s also a smorgasbord of insight and data that can be used to leverage the organisation and customer engagement. This makes investment into multiple tools designed to enhance cloud storage security an essential part of any business strategy. After all, nobody wants to be the statistic on the front page.
Follow @cardiolog 