Shroud of the Cloud

Protecting Data that is Everywhere (and Nowhere)

Securing Data with the Cloud

There is a lot of mystery surrounding the cloud. Many businesses were very slow to propose the idea of utilizing the cloud. For even the most basic Infrastructure-as-a-Service (IaaS) resources, cloud seemed far fetched. However, the year is 2020 and the move to the cloud is in full force. Right Scale’s annual State of the Cloud Report for 2019 found that 91% of businesses used public cloud and 72% were utilizing a private cloud. 69% of companies were shown to adopt a hybrid-cloud strategy, utilizing both public and private. 3% were surveyed to only utilize the private cloud¹.

So what has brought about this momentous change? We can point our fingers at time, but advances in cloud security stand out most to me as the driving force. The ease of implementing layered security within cloud environments provides businesses with a friendly first step. The hands-off maintenance allows for resources to remain secure and up to date without excess outages that companies would find on-premises. Lastly, the flexibility and agility of the cloud allows numerous avenues of cloud migration. In terms of how established a business’s infrastructure is, there are a multitude of options in how they migrate their workloads to the cloud. All of these benefits culminate in a very secure environment for businesses to trust their data and workloads in.

Layered Security

A typical first step in cloud migration for businesses is to initially transfer on-premises virtualized servers to IaaS. A State of IT report from Spiceworks revealed two top IT challenges for organizations were keeping infrastructure and software up to date². Transferring the responsibility of the physical hosts to the cloud service provider alleviates those issues. While this can inherently bring additional security and ease of mind, the responsibility of security cannot stop there. Layered security is not something new from the introduction of cloud. 

Utilizing multiple security controls to protect an environment has been a best practice since before the internet was utilized in day-to-day business operations. Having data-at-rest, data-in-transit, perimeter and internal firewalls, and other measures of security allow the company an initial wall of security. Following the outer wall the internal defenses mitigate any horizontal or vertical movements of possible intruders. Cloud security allows a more user-friendly implementation of these measures. Businesses will find themselves much more flexible and agile with more efficient resource procurement and provisioning.

Flexibility and Agility

Money is a massive motivator for businesses and humans alike. So is time. Hardware procurement and provisioning of resources are two major pieces of its total cost of ownership. What does this have to do with cloud security? The ability to immediately install new security measures into an environment is priceless. The ability to have any IaaS, PaaS, or SaaS resources update instantaneously makes environments continually secure. This also alleviates the need for a hardware refresh. A refresh can often cause major outages, productivity stagnation, and be quite costly and time consuming. The flexibility of the cloud enables businesses to move at their own pace from on-premises to IaaS, to PaaS, and reaching the pinnacle at SaaS. However, analysis paralysis comes into play with the amount of options available to consumers and they can benefit from partnering with a cloud migration consultant like Zirous.

The agility of the cloud is paramount to organizations trying deliver applications and data to their customers world wide. The utilization of Cloud Based Content Delivery Networks in order to provide high availability, high performance, and low latency to end users has brought about many advantages. A CDN inherently protects against Distributed Denial of Service attacks by design. In the case of Azure, AWS, and Google cloud there are also extra protections for DDoS as well as enforcing HTTPS connections. The agility gained from the cloud can also greatly help with data governance. Data governance is the management of how data is used, secured, stored and who it is available to. With data governance coming at a premium on-premises, regulations are easier to comply with and deliver an audit of a business’s environment in the cloud.

Proactive and Reactive

Security in the cloud is a shared responsibility between the cloud customer and the cloud service provider. I’ve seen that the cloud service provider takes a large role in proactive security, whereas the customer plans more in the reactive role. Proactivity being the timely updates, maintenance, and billions³ of dollars being invested each year into maintaining secure cloud environments. Reactivity being a customer’s usage of tools available to them in reaction to possible events. Resource backups and disaster recovery plans are two examples of reactive security planning. However, proactivity does not fall solely on the cloud service provider and reactivity does not solely fall on the consumer by any means. There are a number of different ways in which the consumer can be proactive and the cloud service provider can help be reactive.

Multi-Factor Authentication (MFA) is one such way a cloud tenant can be proactive in its cloud security. Multi-Factor Authentication is an excellent entry-level protection requiring an entity to provide two or more forms of identification. Those forms of identification can be categorized into what the entity: knows (a password), has (a security token), or is (biometrics). Proactive monitoring can also greatly enhance an organization’s security posture — being able to visualize who is attempting access, what is attempting to be accessed, and when. Capturing a baseline of daily, weekly, and monthly norm of business activity can help to identify and investigate outliers. Ultimately, this can lead to early detection and mitigation before anything malicious happens.

Stay Secure or Fall Behind

Security in this day and age is of the highest importance. With the amount of data points being collected by websites, applications, and organizations, it is no wonder malicious entities are after it. The amount of data on devices alone can give marketing companies similar firepower as to if they had interviewed that person face to face. Utilize the benefits of layered cloud security to secure data. Stay flexible and agile with cloud tools, services, and data governance. Be proactive against possible threats and reactive to emergent threats. Don’t become one of the 3,800 publicly disclosed breaches with over 4.1 billion records exposed⁴. Stay vigilant, stay secure, and contact Zirous you are interested in moving forward with a secure cloud.

¹ Giliberto, A. (2020). RightScale 2019 State of the Cloud Report from Flexera. Retrieved 14 Jan 2020, https://www.flexera.com/about-us/press-center/rightscale-2019-state-of-the-cloud-report-from-flexera-identifies-cloud-adoption-trends.html
² 2020 State of IT: Tech Budgets, Trends, and Purchase Drivers. (2019). Retrieved November 20, 2019, from Marketing website: https://www.spiceworks.com/marketing/state-of-it/report/
³ Sheridan, K. (2019, April 18). Security Monitoring News, Analysis, Discussion, & Community. Retrieved January 14, 2020, from Dark Reading website: https://www.darkreading.com/cloud/cloud-security-spend-set-to-reach-$126b-by-2023/d/d-id/1334473
⁴ Norton. (2019). Retrieved from Norton.com website: https://us.norton.com/internetsecurity-emerging-threats-2019-data-breaches.html