Estimated reading time: 2 minutes, 50 seconds

How to Protect Your Cloud Resources From Hackers Featured

How to Protect Your Cloud Resources From Hackers "I was unprepared to take pictures of the solar eclipse. I drove down to Kentucky just to be a part of this magnificent event, but came away with several great shots. I hope you enjoy them."

The recent discovery of the extensive Solar Winds hacking incident once again focused attention on the difficulty of securing enterprise data resources in the cloud. Thousands of customers had their networks breached by malware hidden in monitoring software. It appears that the cyberattack was perpetrated by a coordinated team of Russian hackers and the full extent of the intrusion will not be known for many months. Though this is one of the most egregious recent examples of a successful hack, it is certainly not the only one.

While the cloud has simplified some aspects of IT management such as capacity planning and storage, it has complicated the process of securing computing assets in two distinct ways. The shared nature of security in the cloud and the increased number of potential gaps or oversights make it difficult to protect enterprise information. Here are some suggestions that can help protect your company’s cloud environment.

Knowing Your Role in Cloud Security

A full understanding of how cloud security is shared and implemented is necessary for each provider and model an organization uses. Substantial differences in responsibility are associated with different cloud models. Some providers may perform a larger or smaller part in protecting your systems. 

An illustrative example can be seen in the way Microsoft defines the shared security responsibilities customers can expect when engaging them as their provider. Depending on if an organization is using an SaaS, PaaS, or IaaS solution, the responsibilities for certain aspects of security may shift from customer to provider. Some security elements are always the customer’s responsibility. 

Customers are always responsible for protecting accounts, identities, data resources, and devices. This includes traditional computing platforms as well as mobile devices. Conversely, Microsoft assumes responsibility for the physical hosts, networks, and data centers that it provides to its customers. 

Gray areas exist surrounding the security of applications, network controls, and operating systems. In SaaS solutions, security is performed by the provider, while it is the customer’s responsibility when the IaaS model is employed. When PaaS solutions are in play, both customer and provider share the task of providing security. This is where the majority of cloud security issues occur and where organizations need to have a full understanding of what they need to do to protect their cloud resources. 

Locking all the Doors

The cloud increases the number of attack vectors exponentially. The theoretical ability to access cloud resources from any mobile device results in an environment where each device needs to be secured from use by unauthorized actors. It’s convenient for the account team to access the sales database from their iPads, but can also be very dangerous. A lost or stolen device can compromise vast quantities of corporate data.

Another characteristic of cloud services is that access is required by the provider’s staff while performing administrative duties. This introduces an additional population of potentially malicious actors with the ability to mishandle data or engage in more harmful activities such as introducing malware to an environment. It is extremely hard to eliminate these risks. Robust monitoring can help identify anomalies that may indicate misuse of enterprise cloud resources.

Maintaining security should be the top priority of any organization that takes advantage of cloud computing resources. It’s a complicated task, but one that is essential to the safety of the enterprise data assets stored in the cloud. 

Read 1854 times
Rate this item
(0 votes)
 Robert Agar

I am a freelance writer who graduated from Pace University in New York with a Computer Science degree in 1992. Over the course of a long IT career I have worked for a number of large service providers in a variety of roles revolving around data storage and protection. I currently reside in northeastern Pennsylvania where I write from my home office.

Visit other PMG Sites:

We use cookies on our website. Some of them are essential for the operation of the site, while others help us to improve this site and the user experience (tracking cookies). You can decide for yourself whether you want to allow cookies or not. Please note that if you reject them, you may not be able to use all the functionalities of the site.