How to Manage Information Security at Any Stage of Cloud Adoption

While the idea of using a virtual network and cloud-based services to manage your business and encourage collaboration is appealing, securing information once in the cloud and while it’s in transit is a concern. In fact, questions about the security of cloud-based services have caused some to shy away from virtualization, instead choosing to maintain physical servers and the status quo in terms of internet security. Others avoid adopting the cloud due to a lack of knowledge, assuming that securing cloud-based networks requires unmanageable or overly complex systems.

Since cloud-based computing is still a relatively new data management option, it’s not surprising business owners and IT managers want to find out more about cloud security before making the leap. There are a few basic security points to consider when implementing a cloud security program. Even if you’ve begun the shift toward the cloud-based environment, understanding fundamentals will keep your data safe in its journey to the cloud and back.

Cloud Security Fundamentals: Start With the Vendor

When it comes to protecting your data, you don’t want to trust just any vendor. While doing your research and asking questions before you choose a cloud provider is important, maintaining constant contact and staying on top of security developments and other issues with your vendor is equally important.

In general, your cloud provider should offer the following:

  •  Physical security of the servers, wherever they happen to be located
  •  Identity confirmation across the cloud, including multi-layer authentication procedures, IP blacklists and password protocols
  •  Encryption of data
  •  Information loss protection via data transfer regulation; this regulation should extend to specific file types and devices
  •  Compliance with privacy and legal restrictions, such as HIPAA
  •  Audit capabilities to determine when and where changes are made
  •  A plan for handling DDoS attacks

Assessing your cloud vendor on these points on an ongoing basis — not just when you’re choosing a service — ensures you are taking all possible steps to protect your networks and data.

Beyond the Vendor

Once your vendor is in place, there are additional considerations for the security of your cloud-based networks and data. Constantly evaluating and adjusting your plan to account for these considerations will keep you ahead of threats.

First, weigh the speed of your system against protection. There are two schools of thought regarding virtualized security: that it’s better to have each machine running its own copy of the security software, or it’s better to have a system capable of monitoring and protecting multiple virtual machines simultaneously. Protecting each individual machine can slow down the network servers, while a centralized security system, some argue, creates greater potential for breaches. The only way to know is to try several different systems to determine which provides the ideal level of speed and protection for your business.

Second, while endpoint encryption is vital to protect data and block malware, security experts now recommend even virtual machines on the same network, sharing the same cloud, should be encrypted when communicating with each other. Not only does this close doors to cybercriminals, it also protects your data from access by other people using the same cloud.

Third, security policies cannot be linked only to IP addresses, especially when employees are accessing the cloud remotely. An effective cloud security protocol employs adaptive threat protection to analyze the circumstances surrounding the data request — who requests it, from where and when — and grants access only when specific criteria are met.

Finally, cloud security requires shoring up security between virtual machines in addition to the connections between the machines and the cloud. Sophisticated hackers have devised malware to attack virtual machines from behind the firewall after gaining access via the cloud. Paying close attention to what’s happening between virtual machines on your network will help protect your data.
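The third consideration above, sketched as an added example that is not part of the original article: a rule tied only to IP addresses, beside a decision that weighs who is asking, from where and when. The roles, networks, working hours and risk thresholds are assumptions made up for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Every value here is constructed for illustration (RFC 5737 addresses).
OFFICE_NETS = [ip_network("203.0.113.0/24")]
WORK_HOURS = (time(7, 0), time(20, 0))
ENTITLED_ROLES = {"payroll-db": {"finance"}}
USUAL_COUNTRIES = {"alice": {"US"}, "bob": {"US"}}

@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str
    mfa_passed: bool
    source_ip: str
    country: str
    when: datetime
    resource: str

def ip_only_policy(req: AccessRequest) -> bool:
    """Weak rule: trust anything that arrives from an office address."""
    return any(ip_address(req.source_ip) in net for net in OFFICE_NETS)

def adaptive_policy(req: AccessRequest) -> tuple[str, list[str]]:
    """Decide 'allow', 'step_up' (re-authenticate) or 'deny' from who/where/when."""
    if req.role not in ENTITLED_ROLES.get(req.resource, set()):
        return "deny", ["role not entitled to resource"]
    risk = []
    if not ip_only_policy(req):
        risk.append("off-network source")
    if req.country not in USUAL_COUNTRIES.get(req.user, set()):
        risk.append("unusual country")
    if not WORK_HOURS[0] <= req.when.time() <= WORK_HOURS[1]:
        risk.append("outside working hours")
    if len(risk) >= 2:
        return "deny", risk
    if not req.mfa_passed:
        return "step_up", risk + ["no MFA on this session"]
    return "allow", risk

# Constructed requests: a remote employee with MFA, and an office-network
# session at 02:15 from a role with no entitlement to the resource.
REMOTE = AccessRequest("alice", "finance", True, "198.51.100.7", "US",
                       datetime(2024, 3, 5, 10, 30), "payroll-db")
INSIDE = AccessRequest("bob", "intern", False, "203.0.113.44", "US",
                       datetime(2024, 3, 5, 2, 15), "payroll-db")
```

The IP-only rule blocks the legitimate remote employee and admits the unentitled office-network session; the context-aware decision reverses both outcomes.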

No matter where your business is on the journey to the cloud, vigilance and constant maintenance are essential to data security. Cloud security is not a “set it and forget it” task, but requires updates, patches and maintenance just as you would with a physical server. Staying up to date on security changes and new developments in virtual security will allow you to enjoy the benefits of the cloud without the worry.

Malcolm Eubanks is a freelance IT consultant and entrepreneur who works with some of the biggest names in IT, including Trend Micro. You can follow him on Google Plus here.