Date: April 08, 2021
Cyber criminals are on the never-ending hunt for data — anything they can steal and sell, exploit or hold for ransom. From small businesses to the largest enterprises, everyone’s data is a target. So it’s important for you to protect your data, with a layered, defense-in-depth approach.
You might already be familiar with how to protect your data in a traditional, on-premises environment — such as by restricting admin and user access, using properly configured firewalls and running anti-malware software. But how does data security work in a complex cloud environment?
In this guide, we’ll answer these questions, look into best practices for cloud security management and discuss how security experts can help along the journey.
What is cloud security?
Cloud security has the same goal as traditional on-premises security: keeping your valuable data safe. It involves procedures and technologies designed to protect your cloud environment against both internal and external threats to your most sensitive business-critical infrastructure.
What is cloud security management?
Cloud security management is similar to the model for on-premises security management. It's about understanding what security controls you have in place and how you're securing your environment, systems and data — and what you have to do, from a management standpoint, to maintain that visibility.
For example, every time you spin up a new instance in the cloud, you need to make sure you push the correct agents and that it has the right policies assigned to it. You need to be sure the controls you’ve already engineered and architected are in place.
Cloud security is quite a bit easier than traditional models, since — assuming you’re using the cloud correctly — you can automate many of the requirements and workflows. For example, in the past, IT may have set up a new server, and perhaps they didn’t install any of the agents. You might not notice until sometime later. But in the cloud, you can automate the whole process and specify installations, instead of relying on human workloads or trial-and-error.
How do you manage security in the cloud?
To protect your data, you need to take the keys to your data and lock them away — such that an adversary would need to break through layer after layer of protection to get to those keys. Cyber criminals look for vulnerable systems and data, so make it difficult for them.
Any time, and you make it very difficult for someone to do something they shouldn’t be doing.
Rule of least privilege
The baseline, number-one thing that everyone should do — whether you’re talking about cloud, on-premises or even a single-instance computer running in your office — is implement the rule of least privilege. Basically, if the system doesn’t need to do something, don’t allow it to.
For example, if you have a server that’s just processing information in a SQL database, don’t install a web browser. That kind of deny-by-default approach alone can remove many common attack vectors. Each time you can eliminate a way for the bad guys to get in or out, you’ve given a huge boost to your security, with minimal effort and cost.