Businesses of all sizes are increasingly moving their applications and data into the public cloud to take advantage of the cost, capacity and agility benefits of harnessing cloud-based infrastructure as a service (IaaS).
IaaS can be dialled up and down quickly to meet demand but just as cloud is easy to deploy, it is also easy to make mistakes. Native cloud security controls provide some degree of basic protection, but breaches are often the result of misconfiguration, improper use or advanced threats.
Public cloud vendors like AWS, Microsoft Azure and Google Cloud operate on a “Shared-Responsibility Model”, committing only to securing their infrastructure services (i.e the hardware, software, networking and facilities).
The security of data and the content of any applications you build on top of their service architecture is uniquely your responsibility.
Even a minor misconfiguration within a cloud-based application could potentially cost your organisation millions in losses and constitute a major compliance nightmare incurring hefty fines. The accountability for any theft of user credentials, data leakage due to improper controls, failure to comply with regulations or proliferation of malware squarely rests with the IT team.
This is underlined by the National Cyber Security Centre (NCSC) who issued 13 Key IaaS Principles to enable organisations to determine their IaaS exposure and make informed decisions about the security of their applications and data in an IaaS scenario.
Key IaaS Principle #5 relating to Operational Security states that, although the service provider you use should have processes and procedures in place to ensure the operational security of their underlying IaaS service, you will be responsible for much of the operational security of your applications.
To determine the level of IaaS security risk we work with customers to understand whether you:
• are currently deploying anything on AWS, Azure or Google Cloud?
• have checked and tested your configurations?
• are using any S3 buckets with encryption disabled?
• have any internet connected databases?
as well as what you are currently using for data security and whether your cloud services are aligned with your internal security and compliance policies?
The key to IaaS security lies in securely configuring the infrastructure you deploy along with everything you build onto it.
This includes monitoring for:
- risky configurations
- anomalous user activities
- suspicious network traffic
- host vulnerabilities
At Autodata we offer a free Cloud Risk Assessment to look at how well your current cloud security is working for you and highlight any issues. We consult with you to determine how your cloud services and resources are configured and whether they adhere to industry best practice standards such as CIS NIST and PCI.
Alternatively if you are not currently maximising the benefits of IaaS, we can show you how to rapidly and securely migrate to the cloud.
Ensure your data and applications in the public cloud are secure. Get in touch with us for a free Cloud Security Risk Assessment.