
Access Control: The First Step to Protecting Your Cloud

Data breaches don’t happen every day; they happen every 69 minutes. Are you using all the cloud access controls available to you?

In the first half of 2019, there were 3,800 publicly disclosed data breaches that exposed 4.1 billion records — as for the records exposed in undisclosed breaches, that would be anybody’s guess. Those 3,800 breaches represented an increase of 54% year-over-year.

Over 70% of those breaches exposed email addresses, and 65% exposed account passwords. The damage to these organizations can be devastating. Even huge companies that should have known better — Equifax and Capital One — made news in 2019 with their colossal data breaches.

Maintaining security is stressful enough without human error

The sad fact is that human error is one of the leading contributing factors to data breaches in the cloud. Too often, inexperienced administrators overlook basic security controls. It’s not that they didn’t have the tools at hand; they forgot to use them. It’s like going to bed with the back door unlocked, and the consequences for the exposed can be just as severe.

Not having the right skill sets on your cloud management team can be disastrous

Misconfigured security systems are the bane of cloud security, and you might well wonder why.
“This is the Amazon Web Services (AWS) cloud. Surely the security is iron-clad,” you might think. To a large extent, it is. But what many people don’t realize is that while a cloud service provider like AWS is responsible for the security of the cloud, your enterprise is responsible for the security of what it has in the cloud. That’s where the problems start.

According to research and intelligence company Gartner, in just two short years, 95% of the failures in cloud security will be the customer’s fault. They cite misconfigurations and mismanagement as the likely causes. At issue here is not whether the cloud is secure, but whether the cloud is being used and managed securely.

The old maxim that “criminals are lazy” applies doubly to cybercriminals. The statistic in the previous paragraph is all you need to know. By 2022, only 5% of “hacker attacks” will involve actual hacking. The overwhelming majority will be opportunistic breaches of poorly protected systems.

It’s like getting a car stolen because you left your keys in it.

Ensure controlled access with secure credentials

It cannot be said enough: Your data in the cloud is your responsibility, not the purview of the cloud provider. Be sure no part of your cloud is accessible to the open internet. Amazon and all other cloud providers warn all of their customers repeatedly to avoid leaving cloud storage drive contents available to anyone with an internet connection. From Amazon’s document on the Shared Responsibility Model:

“Security and Compliance is a shared responsibility between AWS and the customer. This shared model can help relieve customer’s operational burden as AWS operates, manages and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates. The customer assumes responsibility and management of the guest operating system (including updates and security patches), other associated application software as well as the configuration of the AWS provided security group firewall.”

This shared security model can easily strike fear into the heart of anyone not intimately familiar with the nature of cloud security. This is where Managed Security Services come in. CloudHesive will help you secure the cloud by identifying appropriate security policies and standards and managing security across the whole of your cloud environment.

CloudHesive is an AWS Well-Architected Partner Program member. Our experts are exhaustively trained in the Well-Architected Framework. Their knowledge of the intricacies of the Shared Responsibility Model and what it takes to deliver the iron-clad cloud security you expect is second to none.

CloudHesive guards your AWS access keys. We give each external service a unique key so that one exposed set of keys does not compromise your entire cloud infrastructure. Managed Security Services makes sure each key has a very specific set of permissions. Every key is a potential vulnerability in the wrong hands, so never give permissions to anyone who does not absolutely require them.
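As an added example (not CloudHesive's code or tooling), the checks this section calls for, no storage open to the internet, one key per external service, and narrowly scoped permissions per key, can be run offline over policy documents. The policies, key labels and service names below are constructed for illustration.

```python
from collections import defaultdict

def as_list(value):
    """IAM accepts either a scalar or a list for Action, Resource and Statement."""
    return value if isinstance(value, list) else [value]

def is_public(principal):
    """True for Principal "*" or {"AWS": "*"}, i.e. anyone on the internet."""
    if isinstance(principal, dict):
        return any("*" in as_list(v) for v in principal.values())
    return principal == "*"

def audit_policy(name, policy):
    """Return (policy, statement id, issue) for each over-broad Allow statement."""
    findings = []
    for idx, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"stmt{idx}")
        if is_public(stmt.get("Principal")):
            # A Condition may narrow the grant, so report it separately for review.
            issue = "public-conditional" if "Condition" in stmt else "public"
            findings.append((name, sid, issue))
        if any(a == "*" or a.endswith(":*") for a in as_list(stmt.get("Action", []))):
            findings.append((name, sid, "wildcard-action"))
        if "*" in as_list(stmt.get("Resource", [])):
            findings.append((name, sid, "wildcard-resource"))
    return findings

def shared_keys(key_by_service):
    """Keys used by more than one external service: one leak exposes them all."""
    users = defaultdict(list)
    for service, key in key_by_service.items():
        users[key].append(service)
    return {k: sorted(s) for k, s in users.items() if len(s) > 1}

# Constructed sample input (not from any real account).
BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]}
CI_KEY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Deploy", "Effect": "Allow", "Action": ["s3:PutObject"],
     "Resource": "arn:aws:s3:::example-bucket/releases/*"},
    {"Sid": "TooBroad", "Effect": "Allow", "Action": "ec2:*", "Resource": "*"}]}
KEYS = {"ci": "KEY-A", "monitoring": "KEY-A", "backup": "KEY-B"}  # labels, not real key IDs

if __name__ == "__main__":
    print(audit_policy("bucket", BUCKET_POLICY) + audit_policy("ci-key", CI_KEY_POLICY), shared_keys(KEYS))
```

The `Deploy` statement passes because it names one action on one path; `TooBroad` and the shared `KEY-A` are the patterns to remove.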

Please encrypt your data

The second line of defense is data encryption. Sensitive Pentagon files (there’s one organization you would imagine has the resources and motivation to make security a top priority) and voter information have been exposed, and not only because the servers were exposed to unauthorized bad actors. Why wasn’t the data itself further protected by encryption?

Encryption is the digital equivalent of dressing in a belt and suspenders. If the controlled access “belt” fails, the suspenders keep your pants from falling down, and vice versa. In that case, the “suspenders” of data encryption keep the dirty laundry from unwanted exposure.

Be sure to work with a partner who has your back

There should be no doubt in your mind that the security of your data and applications in the cloud is your responsibility. There should also be no doubt that the process is excruciatingly complex and demands specialized skills as well as a keen eye for detail — a little bit of paranoia can be helpful, too.

These are all excellent reasons to work with a partner: one that specializes in helping businesses like yours make a move to the cloud, a company with the skills and experience needed to keep your data — and your customers’ — safe and secure. Learn more about Managed Security Services by getting in touch with CloudHesive at 1-800-860-2040 or through our online contact form.