How to securely leverage the benefits of the cloud by using its strengths to overcome issues that have traditionally been labeled as weaknesses.
As enterprises move their applications and data to the cloud, executives increasingly face the task of balancing the benefits of productivity gains against significant concerns about compliance and security.
Security in the cloud is not the same as security in the corporate data center. Different rules and thinking apply when securing an infrastructure over which one has no real physical control.
When leveraging cloud services, enterprises need to evaluate several key factors, including:
Many security professionals are highly skeptical about the securability of cloud-based services and infrastructure. In this post, we will discuss some best practices and guidelines that can be used to securely leverage the benefits of the cloud by using its strengths to overcome issues that have traditionally been labeled as weaknesses.
All interaction with servers should happen over encrypted SSL/TLS transport (TLS 1.2) to ensure the highest level of security. TLS should terminate only inside the cloud service provider's network.
Encryption of sensitive data should be enabled at rest, not only when data is transmitted over a network. This is the only way you can confidently comply with privacy policies, regulatory requirements and contractual obligations for handling sensitive data.
Data stored on disks in cloud storage should be encrypted using AES-256, and the encryption keys themselves should be encrypted with a regularly rotated set of master keys.
Ideally, your cloud service provider should also provide field-level encryption. Customers should be able to specify the fields they want to encrypt (e.g., credit card number, SSN, CPF, etc.).
The cloud service provider should employ industry-leading vulnerability management and incident response tools. Such tools enable fully automated security assessments that test for system weaknesses and dramatically shorten the interval between security audits, from yearly or quarterly to monthly, weekly, or even daily.
You can decide how often a vulnerability assessment is required, varying from device to device and from network to network. Scans can be scheduled or performed on demand.
After a customer’s data retention period (as specified in a customer contract) has ended, that customer’s data should be programmatically deleted.
The cloud service should provide role-based access control (RBAC) features that allow customers to set user-specific access and editing permissions for their data. This system should allow fine-grained access control that enforces segregation of duties within an organization, to maintain compliance with internal and external data security standards.
Instead of leveraging a multi-tenant instance, your cloud storage or software as a service (SaaS) provider could spin up a cloud environment that is used only by you and in which you have complete control over, and access to, your data. Amazon Web Services (AWS) calls this a virtual private cloud (VPC). Customers can connect it securely to their corporate data center: all traffic to and from instances in their VPC can be routed to the corporate data center over an industry-standard, encrypted Internet Protocol security (IPsec) hardware VPN connection.
The two most important certifications are:
The above are just some of the key security provisions that any cloud service provider should build into its cloud service. Defense in depth is traditionally a matter of strict design principles and security policies distributed across a number of departments and areas of expertise.