If you work from home and use cloud solutions and security strategies to archive business documents, who is responsible when there is a cyber-attack? The truth is that there must be a double responsibility. On the one hand, that of the Cloud service provider and, on the other, that of the client's organization. When using a (PaaS) platform, the Cloud provider must also take responsibility for the virtual network, virtual machines, operating systems, and middleware. The client maintains the obligation to secure the data. Cloud as a Service THE MOST COMMON CLOUD SECURITY THREATS Data Violation One of the most frequent cloud solutions security threats is when a data breach occurs. This means that information theft occurs either by human error or by a targeted attack. Account theft On the other hand, working from the Cloud adds a very common threat: account theft. The trigger for it is, having vulnerable passwords. If the hacker gains access to a user's login details, they can intercept activity, manipulate data, return falsified information, and redirect users to deceptive sites. Loss of information Information can be lost in the Cloud. Whether it's human error or deliberate attack, the loss of information can do a lot of damage to the business. And it is that the data can disappear or through accidental deletion, or a catastrophe such as a fire can affect the information. Persistent threats Some threats do not occur just once but persist over time. These are, perhaps, the ones that can do the most damage to the organization. It is an attack that infiltrates the company's systems. The objective? Establish a foothold in the companies' infrastructure that you are trying to attack and steal data. CLOUD SECURITY STRATEGIES Broaden and deepen your cloud visibility In the cloud security strategy, you need to understand how your developers and business teams are using the Cloud today. This initial assessment is the first step towards the simplified management of cloud compliance and security. Priority number one: identify all use cases of the Cloud beyond the IT function's control (Shadow IT). Place automatic safeguards to prevent configuration errors Start by answering the following question: which configurations should be banned at all costs? Let's take a textbook case: a database should never be directly accessible from the Internet. This makes sense, and yet, according to our Unit 42 research teams, direct access has been observed in 28% of cloud environments. To deal with this type of danger, make your initial list of prohibited practices, then expand it as your cloud security program evolves. Remember that automation is first and foremost about standards We can no longer count the security teams who talk about automation even before having established security standards. It is good to set an ambitious goal, for example, to achieve 80% . But first, agree on standards, and the automation will come by itself. Unless you're a start-up, don't expect to automate all your processes in three months: typically, it takes at least nine months for a large organization to find its way. automation over time Train and hire security engineers who know how to code Unlike most traditional data centers, public clouds rely on APIs. It is, therefore, logical that they constitute the keystone of risk management in the Cloud. How to proceed? Depending on the size of your organization, start by taking stock of the skills available to you. Are any of your security specialists proficient in languages ​​like Python and Ruby? If so, leverage those skills and align your automation goals accordingly. If not, there are several options available to you. You can give those who are keen to learn and members of your development team interested in security a chance. Integrate security into your development projects Who, what, when, how, and where? These are the essential questions to ask yourself to ensure the traceability of code deployed in the Cloud. Then locate the least disruptive entry points for your security processes and tools. Here again, put the odds on your side by getting the on board right away. development partners Conclusion Regardless of their size, security teams have every interest in drawing inspiration from these approaches when developing their security strategy in the public Cloud. They will thus benefit from advantages that were once the prerogative of only development teams. Start small, but think big.

TechMoths - Always deliver more than expected.

2022 - HackerNoon Contributor of the Year - Application

Nominated for 2022 - HackerNoon Contributor of the Year - Application

Media Brand

Too Long; Didn't Read

Developers: Build Less. Deliver More. [Learn how]	

Cloud Security Strategies For Small Businesses

Too Long; Didn't Read

TechMoths

About Author

TOPICS

THIS ARTICLE WAS FEATURED IN...

Cloud Security Strategies For Small Businesses

Too Long; Didn't Read

TechMoths

About Author

TOPICS

THIS ARTICLE WAS FEATURED IN...

RELATED STORIES