Securing Data in the Cloud
Storing data in the cloud allows for easy management and accessibility over the internet. According to Goldman Sachs analysts, as of 2020, around 23% of all IT workloads are processed in the cloud. As with any storage solution, cloud storage poses security risks, including loss of sensitive data, violation of other controls, insider threat, and malware. However, the number of companies using cloud storage has increased, so it is important to practice cyber hygiene when migrating to a cloud service. A data breach involving cloud data may be hard to prosecute, as the data can cross international borders. With cloud storage, there is also an absence of physical protection of the data. The following tips describe best practices for safe cloud computing.
Encrypt Data
Data should be encrypted both in transit and at rest. Use a strong encryption algorithm, such as AES-256. Also, salt your keys and passwords. Use PGP for public-key-based encryption and decryption to enhance your encryption standard. It is also important to encrypt data on your end devices in addition to encrypting it in the cloud. Additionally, metadata should be encrypted so that PII is undecipherable after it leaves the on-premises point of origin.
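The advice above (AES-256, a salt, and encrypting metadata before it leaves the point of origin), as an added example that is not part of the original article. It uses Node.js's built-in crypto module; the choice of GCM mode and scrypt, the function names, the envelope layout and the sample data are assumptions made for illustration.

```javascript
// Added example: client-side AES-256-GCM encryption of a file and its metadata (assumed design).
const { scryptSync, randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// Derive a 256-bit key from a passphrase; the random salt makes the same
// passphrase yield a different key for every stored object.
function deriveKey(passphrase, salt) {
  return scryptSync(passphrase, salt, 32);
}

// Encrypt content and metadata together so that file names, owners and other
// PII are unreadable once the envelope leaves the local machine.
function sealForUpload(passphrase, content, metadata) {
  const salt = randomBytes(16);
  const iv = randomBytes(12); // 96-bit nonce, fresh for every encryption
  const meta = Buffer.from(JSON.stringify(metadata), 'utf8');
  const header = Buffer.alloc(4);
  header.writeUInt32BE(meta.length); // length prefix separates metadata from content
  const cipher = createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const ciphertext = Buffer.concat([cipher.update(Buffer.concat([header, meta, content])), cipher.final()]);
  // Only these opaque fields are handed to the storage provider.
  return { salt, iv, tag: cipher.getAuthTag(), ciphertext };
}

// Decrypt after download; a wrong passphrase or any modification of the
// stored envelope makes final() throw because the GCM tag no longer verifies.
function openAfterDownload(passphrase, envelope) {
  const decipher = createDecipheriv('aes-256-gcm', deriveKey(passphrase, envelope.salt), envelope.iv);
  decipher.setAuthTag(envelope.tag);
  const plain = Buffer.concat([decipher.update(envelope.ciphertext), decipher.final()]);
  const metaLen = plain.readUInt32BE(0);
  return {
    metadata: JSON.parse(plain.subarray(4, 4 + metaLen).toString('utf8')),
    content: plain.subarray(4 + metaLen),
  };
}

// Constructed sample input (not from the original page).
const SAMPLE_PASSPHRASE = 'correct horse battery staple';
const SAMPLE_METADATA = { filename: 'payroll-2020.csv', owner: 'j.doe@example.com' };
const SAMPLE_CONTENT = Buffer.from('name,salary\nJane Doe,1000\n', 'utf8');

function demo() {
  const envelope = sealForUpload(SAMPLE_PASSPHRASE, SAMPLE_CONTENT, SAMPLE_METADATA);
  const leaked = envelope.ciphertext.includes(Buffer.from(SAMPLE_METADATA.filename));
  const opened = openAfterDownload(SAMPLE_PASSPHRASE, envelope);
  return { envelope, leaked, opened };
}
```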
Separate the Data Path and the Control Path
The control path can use public cloud services to provide orchestration and management functions at scale. On the other hand, the data path should be entirely on-premises. File data should never be transmitted outside the enterprise security perimeter.
Ensure Local Backup
Having local backups will allow for business continuity in the event that cloud storage is compromised. Data should also be backed up frequently.
Avoid Storing Sensitive Information
No storage solution is 100% free of security risks, and cloud storage is no exception. Avoid storing any PII or proprietary information in the cloud.
Use Strong Access Control Methods
Set strong password requirements, such as minimum password length and complexity. Using multifactor authentication will add to cloud security.
Classify data to assign explicit access controls to each type of data. For example, an employee in accounting does not need access to the HR records. This will allow you to monitor activity within data. Restrict and control content with permissions, expiry dates, and password-protected links.
Know Your Cloud Provider
Enterprises should always make sure their cloud storage partners offer geo-redundant storage with high levels of data durability, as well as extensive industry security and compliance certifications. Insist on rigorous compliance certifications like PCI DSS and SOC 2. Companies should make note of the cloud provider’s user agreement and ensure that the provider’s goals align with the company’s goals.
The company should also make note of the provider’s process in the event of a breach. It should take into account maintenance and management controls, as well as other measures the provider has taken to ensure that the system is always up to date with patches. The company should have a good understanding of the cloud provider’s recovery options.
Other Tips
- Test your cloud security setup
- Install antivirus
- Have a defined and enforced data deletion policy
- Use a VPN and private network
- Identify security gaps between systems