Identity and Access Management (IAM): When establishing an approach to cloud security, it is important to identify and categorize role-based accounts for the users in the organization. As access is needed, IT administrators can grant additional permissions, which can help compartmentalize the risk and lower the exposure of privileged accounts. Similarly, when you are supporting a company that is leveraging services for cloud transformation, you need to also identify how those services are being accessed and managed. To fully secure IAM, providers should enable single sign-on and multifactor authentication for all users.

Intrusion Detection Systems (IDS): An Intrusion Detection System monitors and analyzes traffic in the network and alerts IT of any activity that is anomalous or matches a known malicious pattern. However, an IDS should not be confused with a firewall. A firewall is an external-facing solution that proactively protects an environment from intrusions, whereas IDS looks within the network to identify and detect malicious activity. To secure traffic coming in and out of the network, providers should deploy controls at layer 4 and layer 7. In the OSI model, layer 4 controls focus on the security and deliverability of data packets–where the data is coming from and where it is going. Layer 7 controls focus on the security of the applications themselves. For example, Outlook, Skype or any application a user interacts with directly.

Network Security: Under the Shared Security model, public cloud platforms like Azure, AWS and GCP are responsible for the security of the cloud, while your customer is responsible for securing what is in it. To keep workloads and applications safe, customers need to deploy a solution that proactively secures and monitors their environment. For example, a CloudGen Firewall or a WAF can help detect and defend against today’s sophisticated threats.

Data Protection: The cloud has inevitably increased the complexity of protecting customers’ data–and GDPR has challenged IT professionals even further. Essentially, a backup is a snapshot in time of your customer’s data at rest. While this is still very important to restore business-critical data, GDPR has required IT professionals to secure that data one step further and protect it while it’s in motion. When data is moving in and out of the network, it can be extremely vulnerable to malicious activity. That’s why it’s recommended to have customers’ data encrypted at all times.

Incident Response: What happens when a threat is found? An incident response plan is a list of procedures to help you rectify vulnerabilities that have happened, or strategies to help you avoid incidents in the future. Cyberthreats are an unfortunate reality for every business. That’s why it is imperative to have a strategy in place for both cloud and on-premise environments. Incident response–by nature–is a very reactive approach to security. However, to take an actionable approach, it is important to continually examine processes and procedures to make sure the cloud framework is secure. This means detecting and remediating issues on a consistent basis and leveraging the right tools to prevent incidents from happening in the first place.