Security 419 Collection: How do companies ensure the security of cloud data? Please do these 10 things first

Moving enterprises to the cloud has become a trend, but when data goes to the cloud it inevitably faces network security risks. So how can we ensure the security of cloud data? Foreign media has summed up 10 lessons based on the security practices of a large number of companies.

1. Categorize the location and service of the cloud

According to the location of the cloud, you can determine whether the cloud is public, private or hybrid.

Based on the services provided by the cloud, you can determine whether it should be classified as IaaS, PaaS, SaaS or FaaS.

2. Shared responsibility model

Depending on how you use cloud services, you must understand the shared responsibility model for data protection and network security. Microsoft has made it clear that it supports cloud shared responsibility, but not all shared responsibility models are the same. Microsoft stated that it is the customer’s responsibility to define data classification and protection controls, while the provider’s responsibility runs through the cloud computing stack, covering application and operating system controls, network functions, and the underlying host infrastructure (including hypervisors, storage components, and redundancy and scalability tools).

Amazon's cloud computing services provide a similar model. They divide the responsibility model into two major categories: security of the cloud and security in the cloud. Security in the cloud is the customer's responsibility. This includes data protection, identity and access management, operating system configuration, network security (access control), and encryption. AWS is responsible for the underlying part of the infrastructure, including computing components, storage infrastructure, databases, and networks.

Therefore, when preparing to start using cloud services, this information must be clearly understood and confirmed with the cloud service provider.

3. Know how your data is accessed and stored

According to the McAfee 2019 Cloud Application and Risk Report, 21% of cloud files contain sensitive data elements. It is crucial to check your cloud services and understand exactly what data they process. Most data may exist in a comprehensive cloud service, or in a cloud service that your enterprise (institution) is familiar with, but no cloud service can guarantee that your data is 100% free from threats. Therefore, it is necessary to regularly check data-related permissions in any cloud environment. You may even find that some sensitive data needs to be quarantined or deleted.

4. Establish a partnership with a reliable cloud provider

Perhaps this step should come earlier. At present, the cloud service providers on the market show strong consistency in reliability, transparency and compliance with established regulatory standards, but we can still bring some high-level, recognized certifications into the assessment, including but not limited to SAS 70 Type II or ISO 27001.

At the same time, these service providers usually provide accessible reports on security audits, results, certifications, etc. It is important to ensure that these audits are based on existing regulatory standards and conducted independently to eliminate any potential bias. Although a reputable cloud provider should continue to maintain certification and notify customers of any changes in the process, as the end user, you still have the responsibility to understand the data security needs and compliance requirements of your enterprise (organization).

5. Understand the security solutions that cloud service providers have implemented

Because cloud service providers may store or host your data, it is essential to understand how they protect sensitive data, even to the point of getting to the bottom of the question. Never assume that your security measures or your provider's are unbreakable. Reputable vendors should abide by industry-recognized implementation standards, such as zero trust and other data-centric security principles.

The security solutions of different cloud providers may differ due to their application and data service specialization. For highly sensitive data applications, one vendor may be very suitable, while for less sensitive data applications, another vendor may be most suitable.

6. Establish and apply cloud security guidelines

Having detailed "Safety Operation Regulations" establishes general security guidelines for your business or organization, specifying who can access which cloud services, how cloud services may be used, which types of data can be stored in cloud services, and so on. In addition, the security technology needed to protect the data in the cloud should also be specified.

An ideal setup should include security automation solutions to ensure that everyone follows the same guiding principles, whether that means security requirements from cloud vendors or purchasing independent security solutions with policy enforcement capabilities.

7. Manage your internal security threats

Employees are often cloud service users, but they are often unaware of the potential security risks of these cloud service operations. Ensuring that employees receive training on cloud security operations before they start using cloud services will greatly help reduce risks within your organization.

As mentioned earlier, creating "safe operation regulations" for cloud services used by employees is a simple and effective way to reduce risks. Understand what cloud services employees are using, set security policies according to different situations, determine which data types in the cloud are allowed to operate and which cloud services are allowed to operate, etc., all of which can improve security.

8. Train your employees

Following on from the previous item, in addition to security training before employees start using cloud services, one of the most effective ways to prevent hackers from invading your environment is to keep training your employees regularly afterwards. Technology and attack methods are developing rapidly: for example, your employees need to be prepared for phishing and spear phishing schemes, and other predatory attack methods are also becoming increasingly popular and mature. Regular training that prepares employees to identify current or emerging cyber threats will also improve security.

9. Minimize the amount of data in the environment

Reducing the amount of data in the environment is a sure and effective way to improve security, while also reducing compliance risks.

10. Perform regular audits and penetration tests

Whether or not your company or organization decides to choose a partner for your cloud data security needs, you should conduct regular penetration tests to determine whether the security of your network facilities is adequate to deal with the risk. At the same time, one more thing that must be done is to conduct regular audits and check access logs to ensure that only authorized personnel are processing sensitive data, or take any other security measures needed to meet the latest security requirements.

It is unrealistic to completely avoid using public cloud services for the sake of more security. Cloud-based work environments generally have fewer security issues than those running in a traditional data center. If you can maintain sustained and stable security, you can significantly reduce risks while enjoying the many advantages provided by cloud computing services. It should be noted that there is no simple "one size fits all" solution to the data security needs of any enterprise or organization. The security practices above, summarized from current practice, are still worth referencing for companies that want to use cloud services but are worried about security.