Cloud security checklist

September 17, 2020
| No comments
Cloud terms cloud

Share post

Companies should take advantage of the (first) calm after the pandemic storm and work through their checklist for cloud security in companies. There are always areas that can be better protected.

The pandemic has caused quite a bit in the world. As far as IT is concerned, a catchphrase from Silicon Valley would probably best describe what IT teams around the world had to achieve: "Build the aircraft while it flies." Without delay, in the lockdown situation, it was suddenly necessary to enable countless new remote workplaces in order to guarantee business continuities. A key tool in all of this: the cloud. The use of cloud services has skyrocketed since March and connects infrastructure, people, devices, applications and information in a way that we could hardly have imagined before. In fact, the IT teams in companies, authorities and organizations that have kept business operations going deserve one or two applause.

In March, the main concern was to ensure the IT infrastructure in companies that is necessary to maintain operations even in lockdown times, today it is important to ensure continued operation. Now that an almost normal working day has started again - people are returning to their offices, numerous others have settled down well in their home office - is a good time to check the cloud setup and, if necessary, what was not implemented perfectly at the time due to time constraints was able to correct.

Correct errors, close security loopholes

Even before the pandemic, according to the SophosLabs Threat Report, misconfigurations were the main cause of attacks with 66 percent - and these are numerous worldwide: The latest Sophos survey on the cloud, The State Of Cloud Security, showed that almost three quarters (70 percent) of companies worldwide had a cloud security incident last year. These included attacks from ransom and other malware, unprotected data, and compromised accounts. In Germany, around six out of ten companies using public cloud services were affected by incidents. And most of the time, the attackers came into the public cloud environment because companies inadvertently left a window open or the key stuck in the door.

Take control of cloud security

Overall security and cloud security are a continuous process that involves constantly managing and monitoring cloud environments in order to always be one step ahead of possible attackers. Companies and cloud service providers share responsibility for the security of the cloud. Essentially, the cloud provider is responsible for the physical protection in the data center and the virtual separation of customer data and environments. However, the security of company data that is executed or stored in the cloud is in the hands of the company itself. It is important to assume this responsibility. There are some basic security measures organizations can and should now take to protect their assets in the cloud.

Checklist for testing cloud security:

  • Get an overview: what is being used, where is it, who has access to it, are there any security gaps?
  • Know the danger situation. Corporate data in the cloud is fundamentally of interest to hackers. They run scans, and if they find loopholes or get their hands on an employee's cloud credentials, they'll take advantage of that.
  • Careful review of the configurations. Correct any misconfigurations and thus close possible access hatches for attackers.
  • Critical review of access authorizations. Only those employees who actually need it should have access.
  • Establishing authentication requirements. Use multi-factor authentication in the cloud provider accounts. The more difficult it is to enter, the safer it is.
  • Equal treatment of all components: Treat virtual remote desktops under the same security aspects as the most important company servers.
  • Create secure connections for access to applications and company data. Regardless of whether the employees in question have returned to their workplaces or will remain at a remote location for the time being.
  • Use layered security software to protect cloud workloads.

 

More on this at Sophos.com

 

[starboxid=15]

 

Matching articles on the topic

IT security: NIS-2 makes it a top priority

Only in a quarter of German companies do management take responsibility for IT security. Especially in smaller companies ➡ Read more

Cyber ​​attacks increase by 104 percent in 2023

A cybersecurity company has taken a look at last year's threat landscape. The results provide crucial insights into ➡ Read more

MDR and XDR via Google Workspace

Whether in a cafe, airport terminal or home office – employees work in many places. However, this development also brings challenges ➡ Read more

Mobile spyware poses a threat to businesses

More and more people are using mobile devices both in everyday life and in companies. This also reduces the risk of “mobile ➡ Read more

Crowdsourced security pinpoints many vulnerabilities

Crowdsourced security has increased significantly in the last year. In the public sector, 151 percent more vulnerabilities were reported than in the previous year. ➡ Read more

Digital Security: Consumers trust banks the most

A digital trust survey showed that banks, healthcare and government are the most trusted by consumers. The media- ➡ Read more

Darknet job exchange: Hackers are looking for renegade insiders

The Darknet is not only an exchange for illegal goods, but also a place where hackers look for new accomplices ➡ Read more

The Terminator tool is coming back

BYOVD (Bring Your Own Vulnerable Driver) are still very popular among threat actors as EDR killers. One reason is, ➡ Read more

Stories
, , , ,