Being Safe in the Cloud

It seems like everyone is migrating these days. Not only are more and more people leaving their countries to explore greener pastures, but many companies are moving their data and services to the cloud. This is where the future is heading. Cloud storage has been growing rapidly and a MarketsandMarkets report expects the total revenues of the cloud industry to be $9 billion by 2019. That’s a growth rate of almost 16% each year.

7 Reasons to Move to the Cloud

Whether you are looking to move your entire infrastructure or want to start using cloud services (aka SaaS), here are several reasons to consider the move:

Save Money

Operating your own systems and infrastructure is expensive. Not only do you need to own the hardware and maintain it, but you also need to pay staff to keep it running. You must have capital on hand for large equipment purchases at sporadic times, as well as staff on-call in case of downtime.

With cloud services, you can use what you need, as you need it. It makes expenses much more predictable and reduces the total cost of ownership (TCO). Your company won’t face any more huge bills that strain your cash flow when there is an equipment failure. An added bonus is that using cloud services is more efficient and environmentally friendly.

Enhance Security

Cloud providers such as AWS offer a “shared responsibility” model. Under this model, the provider guarantees the underlying physical security of its platforms. It also provides tools for controlling access to cloud resources, which are effective only if they are implemented correctly. This arrangement shares the security responsibility between you and the cloud provider.

As users become more educated, vendors are expected to be compliant with established security standards (such as SOC2/SSAE16, PCI, and HITRUST). These standards give users greater confidence that data is being handled properly in the cloud.

Make Deployment Easier and Reduce Risks

Continued innovations in the cloud space are helping to ease the headaches of deployment and integration with platforms such as CodeDeploy, CircleCI, and SolanoLabs. Cloud services make it simpler to create development environments that more closely match production environments.

Give Greater Scalability and Flexibility

Because you’re not worrying about the hardware provisioning, you can get off the ground without any major technical difficulties. You also don’t have to plan your infrastructure to accommodate future growth. Instead, you can just scale up your services when the need arises. This gives you the freedom to expand without having to commit additional resources.

The freedom that comes with using a cloud provider allows you to experiment with new services. Because you don’t need additional hardware, it means that you can try out new things with ease. If they don’t work out, you aren’t stuck paying for a bunch of hardware that you don’t need.

Plan For Business Continuity and Help with Disaster Recovery

If your on-site hardware fails, your business will face downtime until it is fixed or replaced. Cloud services allow you to develop a backup strategy where you can quickly roll over your entire global infrastructure, or migrate to a different provider altogether. Downtime is very expensive. Your fixed costs stay the same and you’ll be paying many of your employees to be idle as they wait for your systems to recover. Minimizing downtime minimizes costs.

Save Time with Automatic Updates and Shift Accountability to Vendors

Products in the cloud are automatically updated. You are always on the latest version, so there is no confusion or waiting around. Vendors are more incentivized to provide excellent products that keep working, because the fees are paid over time instead of all upfront. With on-premise software, you are locked in, even if it performs poorly.

Improve Integration

Compatibility is important with the cloud. Because of its distributed nature, cloud solutions typically use industry standards for data interchange. Unlike on-premise solutions, which try to solve many problems, cloud services can solve much more specific problems. This allows you to pick and choose the solutions you need, rather than getting locked into a single monolithic platform. And if a better option comes along in the future, it is much more likely that you can switch services with minimal effort.

Mitigating Risks in the Cloud

While going to the cloud can be a great move for many companies, it also brings in some new risks. Having all of your data and processes in the cloud means that your once-siloed infrastructure is now spread across the globe and shared with more prying eyes than you ever thought possible. To top it off, your employees are more likely to interact with all this data on the go, all over the world, on a variety of different devices (many of which may be insecure). You can’t have the added convenience and accessibility without the possibility of vulnerabilities. Some tips to protect your business:

Protect Your Data with Encryption

Your sensitive data needs to be encrypted both in transit and at rest to be kept secure. A recent Ponemon Institute study revealed some shocking data, indicating that many companies have poor encryption practices:

  • Only 38% of organizations encrypt their data in transit.
  • Just 35% of organizations encrypt their data before putting it into the cloud.
  • 27% of organizations encrypt their data at rest in the cloud. Of these organizations, 73% have huge amounts of data that is susceptible in a breach.
  • Only 16% of organizations encrypt at the application level.
  • 11% of organizations use their cloud provider’s encryption service.

You Need to Manage Access to Cloud Services

Your company needs to enforce strict password policies. These should involve complex passwords that need to be changed regularly. Wherever possible, use multifactor authentication and give people only the access that they need.

Understand the Limitations of Your Vendors

Before you sign up to a new cloud service provider, there are several things that you need to find out about them:

  • Where are they located? Depending on the laws of your country, some data may not be legally allowed to leave the country.
  • Who is involved? You need to know who will be handling your data and what the security vetting process looks like for hiring. Employees are still the weakest link; one disgruntled worker can potentially put your whole company at risk.
  • How does the vendor encrypt and handle the data?
  • Does the vendor outsource any of their work? Does this open up any further security risks?
  • Is the vendor certified compliant? You need to know which standards they comply with, when they were last assessed, and how often they are audited.

Have an Exit Strategy

Subscribing to a cloud service can be a great move for your business, but it also introduces some new factors that are beyond your control.

  • What happens if the service is discontinued? Businesses close down and cut back their offerings all of the time. Your company needs a plan on how it will proceed if this happens; otherwise, you could face a disruption.
  • It is critically important that you understand who owns your data when you leave a provider. If the data is disposed of, you should understand what process is used to dispose of that data.

Keep Up-to-Date on the Latest Data Breaches

The threat landscape is constantly changing, so it is important to stay current on the latest events. See our article on the best security blogs for excellent sources on how to stay up to date. Global security news is important, but you also need to keep up on the latest developments with your cloud provider. If they have any security incidents, you need to know about them so that you can make an educated decision on whether they are the right service provider for you.

Cloud Based Vendors: Have Good Security Hygiene

Software-as-a-service (SaaS) has revolutionized the way that business software is distributed and used. As a SaaS provider, you are expected to provide software that is always available, reliable, secure, and compatible on as many devices as possible. The following practices are considered good security hygiene:

Design For Failure

Cloud-based systems are inherently more complex than their traditional counterparts. Because of this, there are more opportunities for things to go wrong. That’s why it is important to plan for failure. It’s going to happen eventually, so it’s best to have systems in place that will alleviate any potential problems. Analyze the greatest threats that your systems face, as well as their individual risks, and have systems in place for when each of these comes to fruition. This will minimize any damages or disruptions. If your service is designed to be resilient, it can prevent minor hiccups from becoming catastrophes.

Code Reviews

When security is so pertinent, it is important that your code is up to scratch. Leaving behind any mistakes or vulnerabilities could eventually lead to a data breach or other attacks. Is input being properly sanitized? Are you allowing arbitrary code to be executed (hello WordPress)? Having additional sets of eyes can help to catch these types of vulnerabilities before your code goes out.

Subscribe to the Principle of Least Privilege

If you had a warehouse stacked with priceless jewels, you wouldn’t leave the roller doors open with people wandering free-range throughout, would you? Something could go missing and you would have no way of finding out how it happened. The same goes for your cloud-based system. Give your applications and servers only the access that they need. There are many tools at your disposal to accomplish this, including security groups, NACLs, IAM roles, bastion hosts/VPN servers, and so on. Every line of code you write introduces risk; not having a safety net around that code can worsen the damage of an exploit.
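
A small audit of the two controls named above and in the earlier advice to give people only the access they need: it flags IAM policy statements that allow more than a task requires and security-group rules that expose non-web ports to every address. This is an added example, not code from the original article; the sample policy, the simplified ingress-rule shape, and the choice of which ports may be public are constructed assumptions.

```python
import json

# Constructed sample policy in the standard AWS IAM JSON layout.
SAMPLE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
    {"Sid": "ReadReports", "Effect": "Allow", "Action": ["s3:GetObject"],
     "Resource": "arn:aws:s3:::example-reports/*"},
    {"Sid": "AdminEverything", "Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Sid": "AllOfS3", "Effect": "Allow", "Action": "s3:*",
     "Resource": "arn:aws:s3:::example-reports/*"},
    {"Sid": "DenyDelete", "Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "*"}
]}""")
# Constructed, simplified security-group ingress rules (hypothetical shape).
SAMPLE_INGRESS = [
    {"port": 443, "cidr": "0.0.0.0/0"},
    {"port": 22, "cidr": "0.0.0.0/0"},
    {"port": 5432, "cidr": "10.0.2.0/24"},
]
PUBLIC_OK_PORTS = {80, 443}  # assumption: only web ports may face the internet

def as_list(value):
    """IAM accepts a single item or a list for Statement, Action and Resource."""
    return list(value) if isinstance(value, list) else [value]

def audit_policy(policy):
    """Return (sid, finding) pairs for Allow statements broader than needed."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        sid = stmt.get("Sid", "<no Sid>")
        for action in as_list(stmt.get("Action", [])):
            if action == "*":
                findings.append((sid, "allows every action"))
            elif action.endswith(":*"):
                findings.append((sid, f"allows every {action[:-2]} action"))
        if "*" in as_list(stmt.get("Resource", [])):
            findings.append((sid, "applies to every resource"))
    return findings

def audit_ingress(rules):
    """Return ports reachable from any address that are not meant to be public."""
    return [r["port"] for r in rules
            if r["cidr"] in ("0.0.0.0/0", "::/0") and r["port"] not in PUBLIC_OK_PORTS]

if __name__ == "__main__":
    for sid, finding in audit_policy(SAMPLE_POLICY):
        print(f"policy statement {sid}: {finding}")
    print("ports open to the world:", audit_ingress(SAMPLE_INGRESS))
```

Partial wildcards such as ec2:Describe* are not flagged here; whether they are acceptable depends on the service and is left to review.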

Manage Your Logs

If you want to keep your data secure and stay compliant with various regulations, it is important that you are monitoring your logs. This can be done internally or with a third-party service, but the security of your company depends on collecting logs from various sources such as firewalls, databases, endpoints, and network devices. This information can then be analyzed for potential threats. Good logging processes allow you not only to know that a problem has occurred, but also to investigate the extent of the damage done.

Scan For Vulnerabilities and Perform Penetration Tests

To make sure that your systems, network, and data are secure, they need to be scanned regularly. There are a variety of services out there for automated vulnerability scanners such as Qualys and Amazon Inspector. These tools, when used properly, allow you to catch common security flaws that may have bypassed even your most rigorous of code reviews. And while we may love fully automated processes, there are still certain attacks that cannot be tested against with automated tools. In those cases, penetration testing is another tool in your arsenal for determining vulnerabilities.

Make Regular Backups and Have a Recovery Plan in Place

Despite your best efforts to make your apps resilient, there is always the possibility that a critical error can completely take down your infrastructure. Whether this is the result of an entire region going down or a hack that renders your servers and databases useless, it is important to have backups in place to recover from one of these incidents. Your infrastructure, code, databases, and configuration should all be backed up regularly and there should be a process in place to restore everything if need be. When disaster can’t be averted, it is important to have a solid recovery plan. This can help to reduce downtime and alleviate any negative effects on your business. Oh, and safeguard your backups so that they aren’t destroyed by a breach.

Are Cloud Services Right For My Business?

The move to the cloud seems inevitable for most businesses, and for good reason! If you need help ensuring your business is adequately protected now and into the future, please reach out.