Happy New Year!
It’s finally 2021! As we begin this year, we resolve to make improvements, including to verify our cloud infrastructure setup.
COVID-19 forced many companies to accelerate their transformation to cloud computing but, in the rush to get up and running, many overlooked cost controls and cloud security.
In doing so, costs increased costs, and unnecessary vulnerabilities were exposed. That’s why, in 2021, you should promise to take cloud security seriously.
Familiar, Yet Quite Different
Developers created the cloud based upon existing principles used for traditional technology.
And thus, much of the infrastructure (networking, virtual servers, etc.) and most applications should be relatively familiar. However, what may seem like common sense to a cloud developer might not translate well into our own organizations. That’s when making assumptions becomes dangerous.
Cloud resources often allow for self-service. For example, your IT team doesn’t always know when the marketing team signs up for a SaaS program, such as Box.com. If that happens, it can security holes into the network by allowing that application to have desktop access.
While many SaaS applications can safely integrate into your network, you should always involve your IT team, so they can adjust SaaS default security settings.
When it comes to costs, it is easy to generate overruns by forgetting about storage systems, launching too many resources, or not understanding the resources needed for a task.
You should always make sure that rarely used resources can be launched on demand, that extra resources are shut down, and that existing resources are optimized for actual use patterns.
As the old saying goes: Familiarity breeds contempt. You should always respect processes, and be mindful of nuances.
Gaps Outside of Traditional Reach
It might be obvious that the cloud exists outside of the corporate firewall.
But, what’s less obvious is where the cloud provider draws the line between its own security obligations and those of your organization. Some experts even call into question the quality of built-in cloud security designed for the lowest common denominator of needs.
Many organizations use multi-cloud infrastructure, thus they must manage different security defaults, data retention policies, data access rules, and API configurations. Even something as basic as encryption key management may require a separate management system to satisfy security and compliance requirements.
In order to pull your cloud resources back within our security envelope, you can adopt strategies, such as cloud-based network security (i.e Secure Access Service Edge (SASE) technology), that improves broad monitoring of mobile users, branch office management, and cloud-based resources.
A broader network perspective should also be accompanied by a comprehensive monitoring program that encompasses the traditional network monitoring and endpoint monitoring. Additionally, it should include access monitoring for servers and resources both locally and within the cloud.
We also need to consider more granular security that does more than verify the identity of a user. Some experts recommend more comprehensive multi-factor authorization that matches networks, devices, and even the data or resources that each user is attempting to access.
Other advanced security options, such as automation or artificial intelligence (AI), can be deployed.
But, even they assume that these security basics are in place:
- Encryption of data at rest;
- Configurations have been double-checked;
- Multi-factor authentication combined with robust password requirements are in place;
- Least privileged access and role-based access controls are implemented; and,
- Logs and penetration testing check for anomalies and mistakes.
If this sounds familiar, it’s because many of these are the same requirements we are also supposed to do locally. Unfortunately, human error remains a key factor in breaches.
It also allows attackers to launch a variety of attacks, such as cryptomining, botnets, persistency attacks, and more.
User Habits
Some users just don’t like change and will become stressed every few months when Microsoft 365 adds new features and changes its display. Many others won’t even notice.
Which one best describes your team?
Migrating to Microsoft 365 may also change how your users access their emails and shared files. Will your employees quickly embrace the changes, or will they be difficult to train?
If the organization might only benefit incrementally, user habits may prevent any consideration of change.
Utilizing Cloud Security Experts
Any basic business school strategy encourages companies to focus on their core competencies.
Building expertise in the cloud and cloud security, while useful, only matters if you are building an IT or security company.
If that doesn’t describe your business, then we’re here to help. For Ideal Integrations and Blue Bastion, our core competency is translating your business needs into a secure IT environment, including clouds, that drives effective business processes.
Call us today at 412-349-6680, or complete the form below, and let us know which type of expertise might be helpful to your team.
From checking cloud configurations to full network management and monitoring, we’re here to support your needs!