Securing cloud infrastructure: Five threat management best practices

Enterprises are adopting the cloud — the value of agility, on-demand resources and potential cost savings can’t be ignored. However, as noted by a recent Open Data Center Alliance (ODCA) survey, a significant barrier to cloud uptake still remains: security. With IT leaders still worried about threats to cloud infrastructure, how can they reconcile obvious benefits with possible risks?

Here are five best practices:

1. Design for security

As noted by IT Business Edge, one critical component in a defensible cloud architecture is designing for security, rather than developing secure responses for ad-hoc networks. This means building security controls and developing employee codes of conduct before a cloud solution is ever in place. The big benefit? This fosters a culture of foundational IT security rather than one in which security is an “afterthought.”

2. Be mindful of insiders

Most companies consider their data safe when it’s stored in local data centers or handled only by employees. As noted by Information Week, however, internal users often pose the biggest threat. In some cases the risk comes from malicious former or current employees who use their credentials to access corporate data and deliberately copy or disseminate it. The far more likely scenario is a phishing attack or email attachment scam, in which well-meaning users are duped by supposedly legitimate emails into giving up their login data or downloading malicious files.

3. Encrypt, encrypt, encrypt

What’s the most valuable asset on your cloud network? Data. Here, your best practice is simple: always encrypt. This starts with data in motion but must also include data at rest and the development of data-loss prevention strategies which minimize the chance of sensitive data being sent outside the bounds of corporate networks, encrypted or not.

4. Know who has the keys

Of course, encryption is only effective if you know who has the keys. Consider the recent Uber breach, which saw the company’s database key accidentally stored on a public GitHub page. The result? 50,000 compromised records. When it comes to holding cloud-based encryption keys, the rule of thumb is “the fewer, the better.” For example, not every C-suite executive needs the encryption key, and it’s a good idea to use different encryption methods for various types of data. Access should be granted only on the basis of project need, not position. Keeping keys small in number and accounted for significantly reduces the chance of loss or compromise.

5. Get ready for IoT

The final best practice for cloud infrastructure security? Get ready for the Internet of Things (IoT). According to V3, the sheer number of connected devices poised to invade homes and offices comes with significant security risks. Everything from automation systems to wearable devices to “simpler” devices, such as wireless printers or POS terminals, poses a threat if not properly managed. For IT leaders, this means creating an IoT process sooner rather than later: each device on a network must be accounted for, visible and ready to be taken offline at a moment’s notice.

Cloud infrastructure is the foundation of agile enterprises, but it comes with inherent risk. By designing for security, monitoring insiders, using strong encryption, keeping track of the keys and preparing for the rise of IoT, enterprises can stay safe and leverage the benefits of cloud-based technologies.