By Rajat Bhargava Posted August 24, 2016
Are the rumors that the cloud can be more secure than on-prem true? Or is this the stuff of legend?
The truth is that while the cloud is often difficult to lock-down, with the proper work you can make the cloud much more difficult for hackers to compromise.
With organizations flocking to the cloud, the topic of how you can secure your infrastructure and services is being intensely discussed. The more you know on the subject, the better, because securing your cloud infrastructure falls heavily on your own shoulders (rather than entirely on the shoulders of your provider).
A Secure Cloud Begins With User Access
In order to bolster your cloud infrastructure you need to start with looking at who has access to your systems. The smaller number of users who have access to specific pieces of the infrastructure, the less surface area for attackers to hit.
Beyond this, simple credentials and loose password standards leave you wide open for compromise no matter how many users you have. It is imperative that passwords be complex and that multi-factor authentication is in place for everyone, especially on critical systems like email. Those users in the technical fields within your organization should also leverage SSH key-based authentication to further secure the cloud.
For an attacker, compromised credentials and accounts are the window into the cloud that they seek the most. Even when your provider is secure, user access can drastically weaken the infrastructure. To offset this and maximize your cloud’s security, it is critical you have your employees use different passwords for every account or go the extra step and use a password manager.
Identity compromise is the biggest threat to your cloud infrastructure, but you can take control of this risk by monitoring your user activity and practices.
Choosing the Right Provider Helps Further Protect the Cloud
Who you select as a cloud provider also plays a role in how strong your infrastructure will be. You have to ask the right questions before you jump into a deal. The questions you ask must be specific to your need and your organization’s mission, however, generally the queries below are a great starting point:
- Can we have a walkthrough of your standard security practices and can you show us how our information will be secured?
- What is your process in staffing – do you execute background checks?
- Where do you host your infrastructure and what tools do you implement to lock it down?
- Who has access to your data? How do they have access to this data? And why do they have this access?
- Is your data encrypted and/or hashed?
- Do you get audited and can we review the audit approach with you?
Asking these questions allows you to fully understand who your cloud provider is and what their security practices are. If a provider includes all of this information on their website then you know they understand fully that their customers care about security practices.
Patching Devices and Apps Is Imperative
No matter what SaaS service you end up selecting, constant patching is a must for your cloud infrastructure to be secure. Unpatched cloud servers are an open door for hackers, and typically vulnerable machines are getting compromised in less than a month’s time. As a result of this, IT organizations need to spot these openings and patch them immediately.
Considering many organizations incorporate BYOD, endpoint devices are controlled by employees instead of IT. These devices can be hard to update, resulting in an unpatched laptop being an even bigger gateway to compromise than an unpatched server. If one of these devices has significant access to your infrastructure then it could potentially lead to disaster.
When working with multiple platforms, patching can be a huge inconvenience. However, it should never be overlooked, as it is crucial for you to control patches and leverage them in a timely manner across all devices and systems.
With Hard Work Your Cloud Can Be Rock Solid
Nothing is impenetrable, but when looking at cloud security, it is possible to make the infrastructure much harder to crack. If you put in the work and cover all the bases then you are making it much harder for a hacker to break through.
Through teaching your users the best practices for identity control, researching all the available cloud providers, and constantly patching all your devices and systems, your cloud can be strong. Hackers will be easily discouraged and they’ll move on to easier targets.
To learn more about how JumpCloud’s Directory-as-a-Service® can help secure your infrastructure give our free trial a run – the first ten users are free forever. Additionally, if you have any questions, comments, or concerns drop us a note!