Tips for Launching an Actionable Cloud Security Framework
When it comes to cloud security, SMB customers need your help. As more organizations shift their workloads to the cloud, they are finding it increasingly difficult to provide the same security measures that they employed in their on-premise environments.
While it is important to secure the environment as soon as possible, providers often jump from solution to solution and miss some key security elements. That’s why it is best to take an actionable and sequential approach to cloud security. To improve the management of cybersecurity risk, NIST’s Cybersecurity Framework provides a set of best practices that MSPs and MSSPs can use in their customers’ public cloud environments.
To successfully launch an actionable cloud security framework – and avoid missing key elements – providers should sequentially focus on these five key areas:
- Identity and Access Management (IAM): When establishing an approach to cloud security, it is important to identify and categorize role-based accounts for the users in the organization. As access is needed, IT administrators can grant additional permissions, which can help compartmentalize the risk and lower the exposure of privileged accounts. Similarly, when you are supporting a company that is leveraging services for cloud transformation, you need to also identify how those services are being accessed and managed. To fully secure IAM, providers should enable single sign-on and multifactor authentication for all users.
- Intrusion Detection Systems (IDS): An Intrusion Detection System monitors and analyzes traffic in the network and alerts IT of any activity that is anomalous or matches a known malicious pattern. However, an IDS should not be confused with a firewall. A firewall is an external-facing solution that proactively protects an environment from intrusions, whereas an IDS looks within the network to identify and detect malicious activity. To secure traffic coming in and out of the network, providers should deploy controls at layer 4 and layer 7. In the OSI model, layer 4 controls focus on the security and deliverability of data packets: where the data is coming from and where it is going. Layer 7 controls focus on the security of the applications themselves, for example Outlook, Skype or any application a user interacts with directly.
- Network Security: Under the Shared Security model, public cloud platforms like Azure, AWS and GCP are responsible for the security of the cloud, while your customer is responsible for securing what is in it. To keep workloads and applications safe, customers need to deploy a solution that proactively secures and monitors their environment. For example, a CloudGen Firewall or a WAF can help detect and defend against today’s sophisticated threats.
- Data Protection: The cloud has inevitably increased the complexity of protecting customers’ data, and GDPR has challenged IT professionals even further. Essentially, a backup is a snapshot in time of your customer’s data at rest. While this is still very important for restoring business-critical data, GDPR has required IT professionals to secure that data one step further and protect it while it’s in motion. When data is moving in and out of the network, it can be extremely vulnerable to malicious activity. That’s why it’s recommended to have customers’ data encrypted at all times.
- Incident Response: What happens when a threat is found? An incident response plan is a list of procedures to help you rectify vulnerabilities that have happened, or strategies to help you avoid incidents in the future. Cyberthreats are an unfortunate reality for every business. That’s why it is imperative to have a strategy in place for both cloud and on-premise environments. Incident response is, by nature, a very reactive approach to security. However, to take an actionable approach, it is important to continually examine processes and procedures to make sure the cloud framework is secure. This means detecting and remediating issues on a consistent basis and leveraging the right tools to prevent incidents from happening in the first place.
To establish and maintain an actionable approach to cloud security, providers should look for any gaps in the existing strategy. By identifying and remediating weak areas, providers can help customers strengthen their cloud security posture and further protect them against today’s sophisticated threats. As dependence on the cloud increases and more customers move to it, there will be more opportunities for providers who can effectively protect these increasingly complex cloud environments.
Chris Crellin is senior director of project management.
This guest blog is part of a Channel Futures sponsorship.