Cloud Security

Your on-premise data might be secure, but how does your Cloud security measure up? Implementing lock-down methods for both is key to ensure your data remains safe.

If your Cloud Security is presenting challenges within your IT department, now is the time to take action. With Cloud technologies evolving every day, the cyber arms race is well and truly underway. Do you have the capability in-house to square up to cyber threats to your Cloud data? Secure your Cloud Apps such as Office 365 and be confident that your data is as safe in the Cloud as it is on-premise.

Cloud security tips

At CST, we offer many solutions and services to help you embrace the Cloud to provide complete security confidence. We understand that there is a sea of vendors in the marketplace offering many different products, but which is the best for your business?

Kick-start your Cloud security strategy today with our top 5 tips to safeguarding your Cloud data:

1. Perform Due Diligence & Mitigate Risk:

   Understand the security and availability SLAs of the Cloud App. Where the data will reside, and what happens to your business if the Cloud vendor fails. Asses the risk based on a worst-case scenario. Moreover, if the risk is too high, look at 3rd party cloud plugins that can eliminate dependencies, or provide additional safeguards, such as:
   

• Encryption: Safeguard data at rest and in transit.
• Cloud Access Security Broker (CASB): Apply access and usage controls beyond what the Cloud App natively offers.
• Archiving and Continuity: Make separate backups and instigate seamless failover services.
• Data Protection: Apply additional cyber security and information loss controls.

2. Lifecycle Insight:
   Confirm what happens should you want to move from a Cloud App vendor; how easy and to what cost is it to extract or move your data.
   
   
3. Manage Access (the Who, What, Where and How)
   A Cloud based App does not mean you have to compromise access control. Most Cloud Apps can support access control based on attributes like location, device and user in which to apply granular privileges. If they do not, then there are 3rd party plugins that can. 
   
   
4. Establish Full Visibility
   To manage your Cloud data risk, you must first map your data in terms its personal and confidential context. Now review if the approved and non-approved (so called Shadow IT) Cloud Apps are fit for purpose. A Shadow IT assessment will identify any un-approved Cloud apps that are being used in your organisation.
   
   
5. Educate Your Employees
   Empower your front line with the knowledge to use Cloud Apps without fear. Ensure they understand what Cloud Apps are approved, set expectations as to what to expect from a Cloud App regarding availability, confidentiality and cyber threats: A Cloud App does not make it a perfect App.

Cloud Security Strategies

Whatever strategy your business adheres to for securing your Cloud data, at CST, we find the common challenges our customers face fall under the following categories:

Securing Cloud Applications (Apps).

Cloud Apps such as 0ffice 365, Sales Force, Dropbox, etc are there to make work more efficient and reduce on-premise support burdens. The challenge, though, is to protect a Service that is outside of your hosting control, accessible from just about any location or device and typically by default has its native security controls and policies set at their lowest protection level.  So - designed to aid easy usage, simple adoption and mass consumption. All of which do not go hand in hand with a strong Data protection or Cyber Security objective.  Below are some complementary solutions and services to raise the security level of Cloud Apps

Symantec Email cloud
Ideal for clients adopting O365 or indeed any other email Cloud app. The service works seamlessly with O365 to ensure email threats such as malware, spam, phishing and malicious URL links are removed from the O365 communication stream.

Symantec CASB
A solution that gives you centralised access and data protection control of Cloud Apps.  Cloud App adoption can sometimes be sporadic, such as an isolated Finance Dept using a new payroll Cloud App, or strategic with a “Cloud First for all” with Cloud Apps being used for every possible business function.  Either way, Symantec’s CASB ensures that:

1. Cloud Apps (authorised or non-approved) are discovered and their usage understood: the principle being that you cannot secure what you don’t know about.
2. Access control of Cloud Apps are managed easily and simply. Rather than a Cloud management interface for every Cloud App, it features a single overriding Cloud control portal to give you central control. There is an adage that “Complexity is the enemy of Security”, in which case, a tool that can bring clarity of usage and streamline Cloud App access control can only be a good idea.
3. Data export & sharing protection. Symantec CASB includes information security controls that allow for greater granularity of what data can be shared to a Cloud App, typically termed DLP (Data Loss Prevention). These controls will ensure sensitive or high value data can never leave the business accidentally or otherwise. Just because you have adopted the Cloud Apps, it does not mean you have to trust them for everything!

CST’s O365 Security Assessment Service
Microsoft approached us in 2018 to adopt their security competency. They found that customers of O365 do not tend to use all the security features and functions available to them. Sometime the first time an O365 customer becomes aware of a security feature is after they suffer a breach and the subsequent review unearths policies that were never tweaked, or a feature wasn’t enabled. O365 comes with some powerful security controls, however by default these are not enabled, or the configuration is at low protection state. Our service is based on Microsoft’s security methodology and security tools. The service will appeal to those considering O365 and how to adopt in a secure and safe sate, or to those using O365 who never got around to undertaking as much due diligence as they would have preferred.

Securing Cloud Infrastructure:

Cloud infrastructure rental, such as with Azure, AWS etc, does not typically include security protection as standard and you will need to safeguard against the usual threats that would target on-premise platforms. Threats can include viruses, targeted attacks and exploitable conditions. You also need to consider that the ease of which a Cloud platform can be spun up and in-production makes for an insecure state; for example - from development to operational can now happen at the flick of a switch, and hence standards, builds and approved configuration usage can quickly become surpassed. Lastly, just with on-premise security, the privileges of administration requires formal management, as it not uncommon for too many users having privileges beyond what is needed when Cloud infrastructure is utilised. Below are a few solutions that can address Cloud infrastructure security.

Symantec CASB
See above for benefits of deploying Symantec’s CASB Service.

DCS:SA for Workspace
Symantec Data Centre Security (SDCS) is designed to protect and control any, and all actions that can be performed on your infrastructure systems and platforms. Locking down approved applications and OS functions, along with safeguarding against zero-day threats and vulnerability compromise. Lastly, DCS-SA can control who can spin-up Cloud platforms and enforce approved build and configuration state.

Opinion & Resources

Download the white paper by Osterman Research on why your company needs third-party security solutions for Office 365 here.

Our experienced Sales Team are fully equipped to advise on the most effective solutions for your business that will ensure your Cloud data is impenetrable whilst offering a return on your investment.

 

Nigel Lewis