By now, you’ve probably heard about the former Amazon system engineer who took advantage of a misconfigured firewall to steal 106 million Capital One credit card applications stored on AWS. It probably helped that the hacker had inside knowledge, but nonetheless, it was a kind of attack that’s of particular concern to companies using the public cloud. Some experts say that public cloud providers aren’t doing enough to block these attacks. They also say that companies are being far too trusting about public cloud providers’ security policies.
If you rely on public cloud services but aren’t sure how to make sure your data is stored safely and securely and disposed of properly at the end of life, don’t panic. Follow these five tips to be sure that even though your cloud is public, your data isn’t:
1. Take the time to understand how the cloud solution works and the security controls it needs.
2. Examine where the public cloud contacts your infrastructure, your data, your applications, and other organizations outside the hosting environment to identify high-risk areas that deserve extra control and monitoring.
3. Read your contract so there’s no confusion about the extent of the cloud hosting provider’s responsibility for security controls.
4. Follow best practices for cloud-related security, including good change management.
5. Prioritize identity management, with timely onboarding of new users and de-provisioning of old ones and careful observance of the rule of least privilege.
If you’d like additional help staying safe in the public cloud, contact Xantrion to benefit from our 20 years of experience.