Many enterprises are making a slow transition to the cloud. Lack of confidence in cloud security is the main source of hesitation. With a record number of data breaches recorded in 2014, IT leaders are proceeding with caution, and rightfully so.
Information Week’s article on the subject details five steps to achieve a level of cloud security that goes beyond mere compliance:
First and foremost, companies need to have 100% continuous visibility into their technology assets and services. In brief, you can’t secure what can’t see. Know what you’ve got and what it’s doing at all times.
Eliminate the obvious vulnerabilities that are known to exist within your networks (out-of-date workstations, mobile devices, etc.). Continuous monitoring tools, as well as strong vulnerability and security configuration management technology and practices, are key to mitigating exposure at this level.
Strong access control
Make sure you have the appropriate access-management and privilege monitoring in place. Here the concept of least privilege is critical, as is continuously monitoring user activity to ensure there are no deviations from your corporate policies.
Data protection and encryption
Once strong access controls are established, along with continuous visibility, and you have mitigated known vulnerabilities, encrypt all data you know to be sensitive. This generally means protecting “data at rest” and “data in motion” but also establishing technologies such as data loss prevention (DLP) to ensure that even if compromised, the data can’t be sent outside the network.
Put processes and technologies in place that enable folks to react quickly and mitigate the impact of any security breach. Technologies involved here include file integrity monitoring, intrusion detection, and forensic data for post-compromise analysis. Create an action plan before breaches happen, and then follow it as soon as a breach is detected.
For more details on best practices for cloud security, read the full Information Week article.
IT SECURITY SUPPORT: Blue Mountain Data Systems is actively involved in implementing FISMA and NIST standards with Federal Civilian Agencies . Due to our extensive experience in this area, Blue Mountain has developed processes and organizational techniques to help ensure security deliverables are completed on time, and performed in the most efficient manner possible. Read more about our security support services: Security and Vulnerability Management, Continuous Monitoring, Incident Response, Vulnerability Scanning and Testing, Security Audits, Self Assessments, Penetration Testing, Web Filtering, Risk Assessment. Contact Paul Vesely at 703-502-3416 to discuss your IT security support needs.