Security in the Cloud: towards a good strategy
Companies are no longer waiting: they are moving to the Cloud. But one big concern remains: security.
Cloud security versus traditional IT
It is important to understand that the Cloud is actually more secure than traditional IT. Data location is not so important; the way data is accessed is. Anything that can be accessed from outside has the potential of being attacked, whether enterprise or Cloud. There is a widespread false belief that what is stored in the Cloud is less secure; it stems from the fact that the data is stored on servers and systems that you do not own or control. However, control is not equal to security. In fact, companies providing Cloud-based platforms for enterprises, like Microsoft, Google or Amazon, have gathered a lot of experience in security and compliance and dedicate huge teams of people to security only. In this regard, traditional IT does not have the means to compete with them and reach the same level of security.
Identifying the threats
Of course, the shared and on-demand nature of Cloud computing brings its own possible breaches. Data breaches, for example, are already a threat for corporate networks, but now that a large amount of data is stored on Cloud servers, Cloud providers become an interesting target for cyber-criminals. Even though they deploy a lot of security measures in order to protect their environment, it is still the responsibility of organizations to protect their own data. Different types of protection are available, such as implementing multi-factor authentication, which can help protect against compromised credentials.
Defining and implementing a good security strategy
When it comes to security, perfect can often be the enemy of good. Instead of trying, to no avail, to perfectly secure your organization, it is better to focus on making sure that your company is not an appealing attack target. Hackers want to make the least effort for the best return. With Ransomware as a Service (RaaS), criminals who have low technical expertise run ransomware attacks. For example, they can hit an organization multiple times: if the company paid once, it may well pay up again. Another easy tactic is to scan the internet for known vulnerabilities and target companies that are not protected. Those attacks can be easily automated and, as such, do not require a lot of resources.
In short, cybercriminals like it easy, so they do not bother with well-secured infrastructure and will go after easy-to-crack infrastructure. Their goal is to find an easy target, so do not be one. The first step is to assess how your Cloud environment is configured. Afterwards, you can prioritize other areas and start working on them one after the other. Do not try to address all security issues at once, but make sure to focus on the ones that impact you directly, so that hackers conclude it is not worth spending time on you.