Ensuring the safety of customer data stored in the cloud is an ever-growing challenge. Cyber-threats are not just increasing in volume; they are also growing in quality and sophistication.
According to a Gartner study, 80% of all data leaks in the cloud are due to incorrect configuration, account management and other mistakes made by IT departments, rather than to the vulnerability of the cloud provider. Therefore, IT companies need to pay attention to their internal business processes and personnel training in order to strengthen overall security.
64% of companies consider cloud infrastructure to be more secure than legacy systems. 75% of those using the cloud are taking additional protective measures on top of the protection options offered by cloud providers.
As for additional security measures, 61% of clients resort to data encryption, 52% introduce stricter access policies, and 48% are pushing for frequent system audits.
Attackers do not really care whether the data is located on virtual or physical machines; their goal is to gain access by any means. Therefore, to protect data in the cloud, you should use the same tools any data center has.
Security experts identify three main areas of cloud security: data encryption, restricting access to data, and the possibility of data recovery in the event of an attack like ransomware.
In addition, experts advise taking a closer look at APIs. Open and unprotected interfaces can become a weak link in data protection and a major source of vulnerabilities in cloud platforms.
Analytics and machine learning
To solve many security issues, you can make use of modern AI technologies. The use of artificial intelligence frameworks and machine learning helps to automate data protection and simplifies the execution of routine tasks. AI is used in public and private cloud infrastructures to strengthen their security.
An example of such an approach is the open source project MineMeld, which allows using threat data received from external sources to formulate security policies and tweak configuration on the fly. This solution may address all the specific needs of a particular company. Another example is the Gurucul Cloud Analytics Platform, which uses behavioral analytics and machine learning to detect external and internal threats.
It is not necessary to encrypt absolutely all the data. To ensure security, a specific policy must be introduced. It is important to find out first exactly what data is in the cloud and where the traffic goes. Only after that should you decide what information is worth encrypting.
Before strengthening security measures, it is necessary to evaluate their feasibility. Organizations should estimate the cost of introducing new measures and compare it with the possible losses from a data breach. In addition, you should analyze how encryption, access controls, and user authentication affect system performance.
Data protection can be carried out on several levels. For example, all data that users send to the cloud can be encrypted using the AES algorithm, which provides anonymity and security. The next level of protection is data encryption on the cloud storage server. Cloud providers also often use several data centers to store data, which helps to protect your information.
When migrating to the cloud, many customers are faced with the need to implement a new security strategy. You have to change the settings of firewalls and virtual networks.
According to a study conducted by SANS, data center customers are concerned with unauthorized access (68%), application vulnerabilities (64%), malware infections (61%), social engineering and non-compliance (59%) and internal threats (53%).
At the same time, attackers will almost always be able to find a way to hack the system. Therefore, the main task is to make sure that an attack does not spread to other parts of the network. This is possible if the security system blocks any unauthorized interaction between workloads and prevents illegitimate connection requests.
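The containment idea above, as an added example that is not part of the original article: a default-deny check of workload-to-workload flows against an explicit allowlist. The segment names, address ranges, ports and flow records are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed workload segments; names and address ranges are illustrative.
SEGMENTS = {
    "web": ip_network("10.0.1.0/24"),
    "app": ip_network("10.0.2.0/24"),
    "db": ip_network("10.0.3.0/24"),
}
# The only legitimate (source segment, destination segment, port) flows.
ALLOWED = {("web", "app", 8443), ("app", "db", 5432)}


def segment_of(addr):
    """Return the name of the segment containing addr, or None if unknown."""
    ip = ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return None


def evaluate(flow):
    """Default deny: a flow passes only if an explicit allow rule matches it."""
    src, dst = segment_of(flow["src"]), segment_of(flow["dst"])
    if src is None or dst is None:
        return "deny", "unknown workload"
    if (src, dst, flow["port"]) in ALLOWED:
        return "allow", f"{src}->{dst}:{flow['port']}"
    return "deny", f"no rule for {src}->{dst}:{flow['port']}"


def blocked_flows(flows):
    """Return (src, dst, port, reason) for every flow the policy blocks."""
    return [(f["src"], f["dst"], f["port"], reason)
            for f in flows
            for verdict, reason in [evaluate(f)] if verdict == "deny"]


# Constructed flow records, such as a flow-log export would contain.
SAMPLE_FLOWS = [
    {"src": "10.0.1.10", "dst": "10.0.2.20", "port": 8443},  # web -> app
    {"src": "10.0.2.20", "dst": "10.0.3.30", "port": 5432},  # app -> db
    {"src": "10.0.1.10", "dst": "10.0.3.30", "port": 5432},  # web -> db, skips app tier
    {"src": "10.0.1.10", "dst": "10.0.1.11", "port": 22},    # web -> web, same segment
    {"src": "192.0.2.7", "dst": "10.0.3.30", "port": 5432},  # source outside all segments
]

if __name__ == "__main__":
    for row in blocked_flows(SAMPLE_FLOWS):
        print(row)
```

Traffic inside a single segment is denied as well unless a rule names it, which is what keeps a compromised workload from reaching its neighbours.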
There are many products for monitoring data center infrastructure. For example, Cisco gives IT managers an opportunity to get a complete picture of network activity. You can not only see who is connecting to the network, but also set rules for users and control what people can do and what access rights they have.
Another approach that can improve the reliability of the data center is the integration of security systems with DevOps practices. This allows you to accelerate the deployment of new applications and introduce changes faster. An adaptive security architecture should be integrated with the management tools, making any change to security settings a part of the continuous deployment process.
In the cloud infrastructure, security becomes an integral part of continuous integration and continuous deployment. This can be provided by tools such as Jenkins plugins that make code and security testing an indispensable stage of quality assurance.
Other DevOps tools for security testing and monitoring include SAST and DAST solutions. SAST analyzes the source code of an application in a static state and identifies its security vulnerabilities. DAST detects possible security vulnerabilities while the application is running.
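As an added illustration (not from the original article or from any tool it names), here is a pipeline gate that reads SAST findings and blocks the deployment stage when a finding reaches a chosen severity. It assumes the scanner writes its report in the SARIF 2.1.0 JSON format; the tool name, rule ids and file paths are constructed.

```python
import json


def _res(rule, level, uri, line):
    """Build one constructed SARIF result object for the sample report."""
    return {"ruleId": rule, "level": level, "message": {"text": rule},
            "locations": [{"physicalLocation": {
                "artifactLocation": {"uri": uri}, "region": {"startLine": line}}}]}


# Constructed SARIF report standing in for real scanner output.
SAMPLE_SARIF = json.dumps({"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "example-sast"}},
    "results": [_res("sql-injection", "error", "app/db.py", 42),
                _res("weak-hash", "warning", "app/util.py", 7),
                _res("todo-comment", "note", "README.md", 1)]}]})

RANK = {"none": 0, "note": 1, "warning": 2, "error": 3}


def blocking_findings(sarif_text, fail_at="error"):
    """Return findings at or above fail_at as (rule, level, "file:line") tuples."""
    report = json.loads(sarif_text)
    found = []
    for run in report.get("runs", []):
        for res in run.get("results", []):
            level = res.get("level", "warning")  # absent level is treated as warning
            if RANK.get(level, 3) < RANK[fail_at]:  # unknown level: fail closed
                continue
            locs = res.get("locations") or [{}]
            phys = locs[0].get("physicalLocation", {})
            uri = phys.get("artifactLocation", {}).get("uri", "?")
            line = phys.get("region", {}).get("startLine", 0)
            found.append((res.get("ruleId", "?"), level, f"{uri}:{line}"))
    return found


def gate(sarif_text, fail_at="error"):
    """Exit code for the pipeline stage: 1 blocks the deployment, 0 lets it pass."""
    return 1 if blocking_findings(sarif_text, fail_at) else 0


if __name__ == "__main__":
    print(gate(SAMPLE_SARIF), blocking_findings(SAMPLE_SARIF))
```

A CI job would pass the value of `gate()` to `sys.exit()` so that a non-zero result fails the stage.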
Previously, the security of the product was often handled by a separate team. But this approach increased the time spent working on the product and could not guarantee the elimination of all vulnerabilities.
Today, security integration takes place in multiple directions, and there are even separate terms for it: DevOpsSec, DevSecOps, and SecDevOps. The difference between these terms is that the location of the Sec section reflects the importance of security. We should think about security at all stages of the creation of any product, including the cloud infrastructure.
David Balaban is a computer security researcher with over 15 years of experience in malware analysis and antivirus software evaluation. David runs the Privacy-PC.com project, which presents expert opinions on contemporary information security matters, including social engineering, penetration testing, threat intelligence, online privacy and white hat hacking.