With the increase in telework, ensuring the security and resiliency of your cloud infrastructure has never been more important. Here are four things to consider on how to keep your cloud infrastructure secure:
One of the cloud’s most touted features is its scalability — it is easy and fast to create universally available architectures. This can also help manage denial-of-service (DOS) attacks by external parties. By configuring your workloads to scale to meet demand, workloads can simply scale to continue meeting user demand while absorbing the DOS attack.
Additionally, many public cloud providers offer tools to identify known bad actors and manage those attacks at the provider level, rather than impacting customer workloads. By leveraging these strategies, cloud workloads can be made more resilient to attacks and less likely to suffer performance degradation and outages.
Shared responsibility model
Many cloud native and managed services support patching and updates behind the scenes. Be sure to identify user responsibilities clearly when considering a managed service and make sure those responsibilities are met. For example, many serverless function-as-a-service tools (like AWS Lambda and GCP Cloud Functions) do not require operating system-level patching, but any libraries used by the code will need to be kept up to date. By identifying user responsibilities for a managed service and ensuring those responsibilities are met, users can ensure their workloads stay up to date and compliant, minimizing risks.
Public cloud service providers — Amazon Web Services, Microsoft Azure, etc. — offer a host of tools to reduce risk and provide visibility into your hosting environment. Investing in configuring these services early can save time and reduce risk in the long run. This can include customizing access control policies, standardizing networking and firewall standards, and securing audit logs away from user access. Once these controls are in place, incidents can be prevented, mitigated, and identified quickly, reducing risk of compromised systems.
A cloud environment has greater potential for data leakage via insider threat/human error than on-premises or data center environments. One of the cloud’s benefits, quick and easy provisioning, can be a major opportunity for data leakage, if appropriate guard rails and user training are not in place. Observe the principle of least privilege by making sure that individuals just have the access that they need to do their tasks, and not access to everything. This can reduce the risk of bad actors improperly accessing sensitive data.-30-