How are you protecting your data, when the world is going to the Cloud?
by Neil McLachlan, Head of Security at Onyx Group
Living in a day and age where technology is advancing so fast and companies are rapidly moving to the cloud, there is a growing importance to protect IT infrastructure and ensure that the security systems are in place to do this.
The fact that data and networks can be accessed anywhere in the world through cloud raises a number of concerns and security issues for many companies but there are a series of protocols that should be adopted to reduce the likelihood of security being breached.
The following steps can be implemented to protect your infrastructure when going to the cloud.
- Assuming that a suitable firewall solution has been put in place to protect the perimeter, you should then look to your servers, ensuring that they are constantly patched and up to date with the latest versions of programs and software.
There are processes that you can follow to ensure your server is kept up to date and has the necessary patches to keep it safe from known vulnerabilities. You should configure Automatic Updates to make sure you are getting the Critical updates as soon as possible. Things like feature changes and device driver updates won’t come automatically with Automatic Updates, but at least your infrastructure will be protected against the vulnerabilities most likely to compromise its security.
- Some viruses and other malware have symptoms noticeable to the computer user, but many are surreptitious or simply do nothing to call attention to them so it is advisable to ensure that any servers are protected from all types of malware to include computer worms and Trojans.
- An intrusion prevention system (IPS) should be used to monitor the network and/ or system activities to identify malicious activity, log information about said activity and attempt to block or stop, and report activity.
Once all of the above is in place, the data needs to be made secure. Encryption is commonly used in protecting information within many companies, both ‘at rest’ and ‘in transit’, for example, data being transferred via networks or stored on a hard drive. Some different examples of this are Virtual Private Networks (VPN), Full Disk Encryption (FDE) and Transport Layer Security (TLS) commonly used for email encryption during transmission.
As a business grows, it might expand to multiple sites across the country and around the world. To keep things running efficiently, the people working in those locations need a fast, secure and reliable way to share information across computer networks. In addition, travelling employees like salespeople need an equally secure and reliable way to connect to their business’s computer network from remote locations.
One popular technology to accomplish these goals is a Virtual Private Network (VPN). The VPN uses “virtual” connections routed through the Internet from the business’s private network to the remote site or employee. By using a VPN, businesses ensure security - anyone intercepting the encrypted data can’t read it.
A strong authentication method is key to ensuring there is no unauthorised access to your network. Onyx recommends the use of Two Factor Authentication (2FA), which makes use of the principle “something you have (token), and something you know (PIN). There are other methods of authentication available today such as biometric data readers for fingerprint or even iris scanning.
In addition to all of this, regular vulnerability assessments need to be performed to identify, quantify and prioritise the vulnerabilities in a system. Finally a penetration test will evaluate the security of a system by simulating an attack. Effective tests will provide an assessment of the potential impacts to the organisation and outline a range of technical and procedural countermeasures to reduce risks.
When it comes to securing your data when moving into the Cloud, you can never be totally sure but you can take steps to reduce the risk of a security breach. Securing an IT infrastructure is an ongoing process that should always be reviewed.