Scared of losing your data on the cloud? Who can blame you?
According to Alert Logic, a cloud security company, “Cyber attacks are on the rise.” At the same time, “reports show that 87% of organizations are making use of cloud infrastructure. … This means: 1) Organizations are making use of public clouds now more than ever before, and 2) Hackers now have a larger attack surface to gain access to sensitive data.”
Scary, isn’t it?
Fortunately, it’s not that hard to secure your cloud data with seven simple steps. These are:
1) Lock down your code. A server in a closet, a data-center, a cloud. Where your data is located won’t matter if the software isn’t hacker-proof.
2) Nail down your access management tools. Whether you use Active Directory (AD) or Lightweight Directory Access Protocol (LDAP), your cloud needs a trustworthy, centralized authentication system. Better yet, back up your login/password system with two-factor authentication.
3) Set up a patch management system. It’s not only your code you need to keep an eye on. You need to make sure your proprietary and open-source software always has the most up-to-date patches.
Of course, not all patches are created equal. Microsoft recently sent out a junk patch to Windows 7. You must test out all patches, not just to make sure they really work, but to make sure they don’t cause more problems than they fix.
4) Analyze your logs. Just because your system software is now running on a cloud doesn’t mean you’re off the hook for checking your logs for hacks and attacks.
5) Keep your security tools handy. Sure, you can hope your cloud company will protect you from the baddies. And maybe they will. Me? I’m still going to implement a firewall, run anti-virus programs, encrypt everything in sight and run my own intrusion detection system. There’s nothing paranoid about it; they really are out there to get you.
6) Stay on top of security news. Blink twice and you’ll miss the latest security hole. If you want to be really safe, you need to stay in the security news loop.
7) Track your cloud provider’s security measures. Know exactly what your cloud vendor is doing to protect you when you first sign the contract, and then make sure you know what they’re doing today. Security measures, just like attacks, are always changing.
Notice something about this list? Only one item is specific to the cloud. The others are things you should have been doing all along.
The moral of this story? Whether you’re on Amazon Web Services, your own data-center or just a rapidly aging Windows 2008 server under your desk, you still have to implement the security basics. If you don’t, it’s not a matter of “if” you’ll be cracked; it’s “when.”