Ensuring the safety of customer data stored in the cloud is an ever-growing challenge. The number of cyber threats isn’t just increasing in volume: it’s growing in quality and sophistication.
According to a Gartner study, 80% of all data leaks happening in the cloud are due to incorrect configuration, account management and other mistakes by IT departments rather than vulnerabilities on the cloud provider’s side. Therefore, IT companies must pay attention to their internal business processes and personnel training to strengthen overall security.
Another study said 64% of companies consider the cloud infrastructure to be more secure than legacy systems. Of those using the cloud, 75% are taking additional protective measures on top of protection options offered by cloud providers. As to additional security measures, 61% of clients are resorting to data encryption, 52% are introducing stricter access policies and 48% are pushing frequent system audits.
Attackers don’t really care whether data is located on virtual or physical machines; their goal is to gain access by any means. Therefore, to protect data in the cloud, you should use the same tools any data center has. Security experts identify three main areas of cloud security: data encryption, limited access to data and data recovery in the event of an attack (such as ransomware).
In addition, experts advise taking a closer look at the API. Open and unprotected interfaces can become a weak link in data protection and a major vulnerability in cloud platforms.
Analytics and Machine Learning
To resolve many security issues, you can use modern artificial-intelligence (AI) technologies. AI frameworks and machine learning help to automate data protection and simplify execution of routine tasks. AI serves in public- and private-cloud infrastructures to strengthen their security.
An example of such an approach is the open-source project MineMeld, which uses threat data from external sources to formulate security policies and tweak configurations on the fly. It may in some cases address all of a particular company’s needs. Another example is the Gurucul Cloud Analytics Platform, which uses behavioral analytics and machine learning to detect external and internal threats.
It’s unnecessary to encrypt all your data. To ensure security, you need a detailed policy. First, determine which of your data is in the cloud and where the traffic goes. Only then should you decide what information is worth encrypting.
Before strengthening your security measures, calculate their feasibility. Organizations should evaluate the cost of introducing new measures and compare it with the potential losses from a data breach. In addition, you should analyze how encryption, access controls and user authentication affect system performance.
Data protection can be implemented on several levels. For example, all data that users send to the cloud can be encrypted using the AES algorithm, which provides anonymity and security. The next level of protection is data encryption in the cloud storage server. Cloud providers often store data in multiple data centers, helping to protect customer information through redundancy.
When moving to the cloud, many customers face the need to implement a new security strategy. For example, they must change the settings of their firewalls and virtual networks. According to a study conducted by SANS, data center customers are concerned about unauthorized access (68%), application vulnerabilities (64%), malware infections (61%), social engineering and non-compliance (59%), and internal threats (53%).
At the same time, attackers will almost always find a way to hack the system. Therefore, the main task is to prevent an attack from spreading to other parts of the network. Doing so is possible if the security system blocks unauthorized interaction between workloads and prevents illegitimate connection requests.
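The effect of blocking workload-to-workload traffic can be measured as the set of workloads reachable from one compromised host. The following is an added example, not part of the original article; the workload names, tiers and policy are constructed for illustration.

```python
from collections import deque

# Constructed inventory (hypothetical names): workload -> tier.
WORKLOADS = {
    "web-1": "web", "web-2": "web",
    "app-1": "app", "app-2": "app",
    "db-1": "db", "backup-1": "backup",
}

# Segmentation policy: permitted (source tier, destination tier) pairs.
# Anything not listed is denied.
SEGMENTED = {("web", "app"), ("app", "db"), ("backup", "db")}


def allowed(src, dst, policy):
    """True if a connection request from src to dst is permitted."""
    if src == dst:
        return False
    if policy is None:  # flat network: no workload-to-workload filtering
        return True
    return (WORKLOADS[src], WORKLOADS[dst]) in policy


def blast_radius(start, policy):
    """Workloads reachable hop by hop from one compromised workload."""
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in WORKLOADS:
            if nxt not in seen and allowed(cur, nxt, policy):
                seen.add(nxt)
                queue.append(nxt)
    return sorted(seen - {start})


def blocked_requests(requests, policy):
    """Connection requests the policy rejects."""
    return [r for r in requests if not allowed(r[0], r[1], policy)]


# Constructed connection requests: (source, destination).
REQUESTS = [("web-1", "app-1"), ("web-1", "db-1"), ("app-2", "db-1"), ("db-1", "web-2")]

if __name__ == "__main__":
    for name, policy in (("flat", None), ("segmented", SEGMENTED)):
        print(name, "web-1 ->", blast_radius("web-1", policy))
    print("blocked:", blocked_requests(REQUESTS, SEGMENTED))
```

On the flat network a compromised web server reaches every other workload; under the segmented policy it cannot reach its sibling web server or the backup host, and a compromised database reaches nothing.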
Many products can monitor a data center’s infrastructure. For example, Cisco gives IT managers a complete picture of network activities, allowing them not only to see who is connecting to the network but also to set user rules and govern what people can do, as well as what access rights they have.
Another approach that can improve the reliability of the data center is integration of security systems with the practices of DevOps. Doing so allows you to accelerate deployment of new applications and introduce changes faster. An adaptive security architecture should be integrated with the management tools, making security-settings changes part of the continuous deployment process.
In cloud infrastructure, security becomes an integral part of continuous integration and continuous deployment. This is done through tools such as Jenkins plugins that make code and security testing an indispensable stage of quality assurance. Other DevOps tools for security testing and monitoring include SAST and DAST solutions. SAST analyzes the source code of an application in a static state and identifies its security vulnerabilities. DAST detects potential security vulnerabilities while the application is running.
Previously, a separate team would handle product security. But this approach increased the time spent working on the product and failed to eliminate all vulnerabilities. Today security integration takes place in multiple directions, even using separate terms: DevOpsSec, DevSecOps and SecDevOps. There is a difference between these terms—the location of the Sec reflects the importance of security. We should think about security at all stages of product development, including the cloud infrastructure.
About the Author
David Balaban is a computer-security researcher with over 15 years of experience in malware analysis and antivirus-software evaluation. David runs the Privacy-PC.com project, which presents expert opinions on contemporary information-security matters, including social engineering, penetration testing, threat intelligence, online privacy and white-hat hacking. As part of his work at Privacy-PC, he has interviewed such security celebrities as Dave Kennedy, Jay Jacobs and Robert David Steele to get firsthand perspectives on hot InfoSec issues. David has a strong malware troubleshooting background, with a recent focus on ransomware countermeasures.