Secrets to securing data in the cloud

Varma Rudra, Director of Rudra IT Consultancy LTD., provides architectural governance services for large-scale business and technology transformation programmes. His end clients include police forces, utility companies and facility management companies.

For Varma, a typical work day is packed with governance meetings and working towards managing stakeholder expectations and solution options to address customer requirements. Most of his clients use different cloud offerings from Microsoft and AWS.

“When it comes to productivity, Microsoft takes the lead with their Office 365 cloud offering. AWS is generally used for a Linux and Java combination of deployment. When using Windows, .NET and SQL Server, clients tend to use Microsoft Azure because they are basically Microsoft offerings – deploying them in Azure gives an edge in terms of cost, ease of deployment, upgrades, etc.,” says Varma.

In the last 5 years the cloud has evolved a lot, and service providers have implemented many controls to secure client services in the cloud. By opting for cloud-based IaaS, PaaS and SaaS solutions, customers are able to keep their infrastructure up to date and upgrade or migrate it with ease.

Useful tips for implementing the cloud

“One very important thing is to not implement solutions on the cloud with a traditional mindset. Many clients are surprised when they see their first bill because they ‘lift and shift’ the infrastructure,” comments Varma.

“Remember, the cloud is highly elastic in nature and you can scale up and down when you require. So, implement the minimum infrastructure needed and scale it based on load. That’s the secret to success in the cloud!”

According to Varma, the following tips help secure data in the cloud:

  • Focus on the entry and exit points of your network connectivity. Wherever possible, use private connections such as Microsoft ExpressRoute or AWS Direct Connect.
  • For cloud application connectivity, always encrypt data in transit using SSL/TLS.
  • Ensure you implement least-privilege and conditional access to cloud administrative portals such as the Azure portal and the AWS Management Console.
  • Use RBAC when granting access to cloud resources. Segregating and isolating resources using resource groups and virtual networks is key!
  • Use the security monitoring tools provided by the cloud service provider to monitor the solution. Most of the basic functionality, such as Azure Security Center, is free.
  • In general, divide the security focus areas into a matrix whose rows are networks, compute, storage, applications and databases, and whose columns are encryption at rest, encryption in transit, authentication, authorisation, etc.; this lets you focus on each security cell in turn.
  • Carry out a security risk assessment during the design phase to ensure the design has the appropriate security controls in place to mitigate possible risks.

Nevertheless, problems can arise when storing data in the cloud. “Services and data in the cloud are accessible from the internet. Unless proper controls are in place, your users can access and download the data from anywhere in the world,” warns Varma.

Cloud storage security

“The majority of clients require their data to be encrypted in the cloud. Although the cloud supports ‘bring your own key’ options, these encryption keys are stored in the cloud providers’ key vaults. So, there is a very narrow chance that cloud providers can access those keys and decrypt the data. It’s also vital to note that cloud providers have very strict governance and accreditations in place to mitigate the same.”

Cloud providers generally keep their cloud services up to date with advancements in technology, according to Varma. “On the other end, many of the clients’ data centres I have worked with in the past have out-of-date IT infrastructure systems and applications, which take a lot of time and money to replace and are prone to attacks,” he adds.

Varma also advises that you must ask your service provider the following questions about cloud storage security:

  • What is the authentication and authorisation approach for cloud services?
  • How do you implement access controls for cloud services?
  • What is the approach to securing data in transit and at rest?
  • What preventive security monitoring is in place against risks and threats?
  • Does their solution adhere to standards such as Cyber Essentials, cloud security principles and ISO 27002?

Written by Leah Alger