There is a common misconception that cloud storage providers are solely responsible for the security of their customers’ data, which leads businesses to neglect the protection of their own data. According to a report by the American research company Gartner, in 2020 cases of information leakage in the cloud will rise to 80% because businesses have not properly structured and optimized their business processes. Businesses using cloud services therefore need to start strengthening data security now and treat it as an important task of the business itself.
Here are some statistics related to cloud security issues for businesses:
– 64% of companies consider cloud systems more secure than their on-premises systems
– 75% take additional measures to ensure security
– 61% encrypt their data
– 52% have put in place a policy to control access to information systems
– 48% conduct regular information system audits for compliance with security requirements.
Next, we’ll look at five of the most common ways to protect data in the cloud: data encryption, infrastructure monitoring, access control, data backup, and disaster recovery planning.
1. Data encryption:
To ensure data security, a business needs a specific encryption policy. Not all data has to be encrypted, however: encrypting everything can bring more disadvantages than benefits. You need to understand what data is stored in the cloud and where the traffic comes from in order to determine which data needs to be encrypted. To judge whether encryption is worthwhile, a business should compare the cost of applying encryption with the losses it would suffer if the information leaked. It also needs to analyze how encryption will affect the performance of its information systems.
Data protection can be done at different levels. For example, all data that users send to the cloud is encrypted using block cipher algorithms. The next level is to encrypt the data at rest on the cloud storage system.
The first step is to encrypt the data on your own computer and only then send it to the cloud. You can create a backup of any project this way. Valuable encrypted files or cryptocurrency containers should also be copied to an external hard drive, because data in an unreliable cloud storage service may be permanently deleted without the owner’s consent.
If you have many files to encrypt, you can use an encryption service to encrypt the data before uploading it to the cloud. You can even encrypt the file headers, so that an attacker who gains access to a file learns neither its name nor its contents.
Boxcryptor, for example, is one such data-encryption application. It supports the most popular cloud storage services, such as Dropbox, Google Drive, OneDrive and Amazon, and runs on popular operating systems, including the mobile systems iOS and Android. The application is available in both paid and free versions.
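The client-side encryption described above, as an added example (not Boxcryptor's code or anything from the original article): the file name is sealed inside the AES-256-GCM blob together with the content, and the object stored in the cloud carries only a random name, so a provider or an intruder with access to the bucket learns neither the title nor the contents. The key is assumed to be a 32-byte secret that never leaves the client.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"encoding/hex"
	"errors"
)
// newGCM builds an AES-256-GCM AEAD from a 32-byte key that stays on the client.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptForUpload seals the file name together with its content, so the provider
// stores only an unreadable blob under a random object name (the hex nonce).
func EncryptForUpload(key []byte, name string, content []byte) (string, []byte, error) {
	gcm, err := newGCM(key)
	if err != nil || len(name) > 0xFFFF {
		return "", nil, errors.New("bad key or name too long")
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", nil, err
	}
	plain := make([]byte, 2+len(name)+len(content)) // 2-byte name length | name | content
	binary.BigEndian.PutUint16(plain, uint16(len(name)))
	copy(plain[2:], name)
	copy(plain[2+len(name):], content)
	return hex.EncodeToString(nonce), gcm.Seal(nonce, nonce, plain, nil), nil // nonce||ct||tag
}

// DecryptFromCloud reverses EncryptForUpload; the GCM tag rejects any tampering.
func DecryptFromCloud(key, blob []byte) (string, []byte, error) {
	gcm, err := newGCM(key)
	if err != nil || len(blob) < gcm.NonceSize() {
		return "", nil, errors.New("bad key or blob too short")
	}
	plain, err := gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
	if err != nil || len(plain) < 2 || 2+int(binary.BigEndian.Uint16(plain)) > len(plain) {
		return "", nil, errors.New("authentication failed or blob corrupt")
	}
	n := int(binary.BigEndian.Uint16(plain))
	return string(plain[2 : 2+n]), plain[2+n:], nil
}
```

A real client would keep a local index mapping original names to object names, since the provider can no longer list files by title.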
2. System monitoring:
Attackers almost always find a way to penetrate a system. To contain threats, it is necessary to ensure that an attack does not spread to other vulnerable systems, by blocking unauthorized connections between workloads and rejecting malicious connection requests.
There are many system monitoring products on the market that let you see all network connection activity, such as who is connected to the system, and set rules for users (specific rights for each object, permitted access rights).
The monitoring system also provides statistics on events and threats related to each user.
For example, Zscaler can send logs to the customer’s SIEM (Security Information and Event Management) system, which collects reports from various data sources. Zscaler provides users with a set of predefined and customizable reports, including the following types:
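The monitoring logic described above, as an added example that is not part of the original article or any product: connection log lines (a constructed format, not any vendor's) are checked against a workload-to-workload allow-list, and every off-policy flow is reported along with a per-user count, which is the per-user threat statistic a SIEM report would be built from.

```go
package main

import "strings"

// Constructed sample of a workload connection log; real products use their own formats.
var SampleLog = []string{
	"2020-03-01T10:00:01Z user=alice src=web dst=app port=8080 result=allow",
	"2020-03-01T10:00:02Z user=alice src=app dst=db port=5432 result=allow",
	"2020-03-01T10:00:03Z user=bob src=web dst=db port=5432 result=deny",
	"2020-03-01T10:00:04Z user=bob src=web dst=db port=22 result=allow",
	"garbage line",
}
// Policy lists the workload-to-workload flows the organization permits (assumed policy).
var Policy = map[string]bool{"web->app:8080": true, "app->db:5432": true}

// ParseLine reads "<time> key=value ..." into a map; ok is false for malformed lines.
func ParseLine(line string) (map[string]string, bool) {
	f := strings.Fields(line)
	if len(f) < 2 {
		return nil, false
	}
	kv := map[string]string{"time": f[0]}
	for _, pair := range f[1:] {
		p := strings.SplitN(pair, "=", 2)
		if len(p) != 2 {
			return nil, false
		}
		kv[p[0]] = p[1]
	}
	return kv, true
}

// Audit returns each flow that is not on the allow-list and a per-user count of
// such flows: the two views a monitoring console and a SIEM report are built from.
func Audit(lines []string) (violations []string, perUser map[string]int) {
	perUser = map[string]int{}
	for _, line := range lines {
		c, ok := ParseLine(line)
		if !ok {
			continue // a malformed line is skipped, never treated as an allowed flow
		}
		flow := c["src"] + "->" + c["dst"] + ":" + c["port"]
		// Off-policy flows are reported even when already denied: the attempt is itself a signal.
		if !Policy[flow] {
			violations = append(violations, c["time"]+" "+c["user"]+" "+flow+" "+c["result"])
			perUser[c["user"]]++
		}
	}
	return violations, perUser
}
```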
– Executive Reports: a concise security report for managers covering the threats or breaches detected over a specified period of time
– Interactive Reports
– Scheduled Reports: standard or customized reports delivered at regular intervals
– Company Risk Score Report: calculates the risk of the company’s operations
– Industry Peer Comparison: compares your company’s performance with other companies in the industry
– System Audit Report: status report on GRE tunnels, PAC files and so on; if problems are found, recommendations and solutions are provided
– Security Policy Audit Report
3. Control access to the system:
Most users are used to logging into a system with a username and password. Password data is usually stored in hashed form in a closed database. To prevent the session of an authenticated user from being hijacked, the login and password information is checked each time the login page loads, and the system automatically logs the user out when an authentication error occurs. In addition to this traditional login protection, cloud storage services also provide a number of other protective measures.
One is the user-role-based security model (role-based access control): users are identified by their login credentials, and once the login identity is authenticated, roles and permissions are assigned to that user automatically. Many different organizations apply this model, since it lets them assign user roles based on operational tasks.
Role Based Access Control (RBAC) treats all information as belonging to the organization. Under this model a user cannot transfer his access rights to another user. Access rights are decided by the role and function that the organization has assigned to the user.
The determination of rights and membership does not depend on the system administrator but on the security policy applied in the system. A role can be understood as the set of actions that a user or group of users may perform. Roles are determined according to the user’s responsibilities and rights, and the functions and access rights of each role are defined by the system administrator.
Role management policies divide rights between roles according to users’ official duties. The system administrator role is given additional special rights to control system operations and manage system configuration. The rights of regular users are limited to the minimum needed to run specific programs.
Amazon EC2 uses RBAC to regulate end-user access to resources. Microsoft Azure also uses RBAC to control access to cloud resources.
Some of the actions that can be performed using RBAC are:
– grant one user the right to manage virtual machines in a subscription and another user the right to manage virtual networks;
– grant the database administrator (DBA) group permission to manage the SQL databases in a subscription;
– grant a user management rights over all resources in a resource group, including virtual machines, websites and subnets.
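The RBAC model described in this section, as an added example that is not the article's own code nor any cloud provider's implementation: role names, action names, scope paths and the users are all constructed here. Assignments are made only by the organization (there is no call that lets a user pass rights on), rights are evaluated by role and scope with default deny, and the scope check guards against a resource group's name being a prefix of another's.

```go
package main

import "strings"

// Roles maps a role to the actions it grants; a trailing "*" matches any suffix.
// The role and action names are constructed for this example, not a provider's.
var Roles = map[string][]string{
	"VM Contributor":      {"compute/virtualMachines/*"},
	"Network Contributor": {"network/virtualNetworks/*"},
	"SQL DB Contributor":  {"sql/databases/*"},
	"Contributor":         {"*"},
}
var Groups = map[string][]string{"dave": {"dba"}} // constructed directory data
// Assignment binds a user or group to a role at a scope. Rights flow only from
// these organization-made assignments; a user cannot hand rights to another.
type Assignment struct{ Principal, Role, Scope string }

// Constructed assignments mirroring the three cases listed in the text.
var Assignments = []Assignment{
	{"alice", "VM Contributor", "/subscriptions/s1"},
	{"bob", "Network Contributor", "/subscriptions/s1"},
	{"dba", "SQL DB Contributor", "/subscriptions/s1"},
	{"carol", "Contributor", "/subscriptions/s1/resourceGroups/prod"},
}
// inScope: resource is the scope itself or lies beneath it; the "/" guard stops
// scope ".../prod" from also covering a sibling group named ".../prod2".
func inScope(scope, resource string) bool {
	return resource == scope || strings.HasPrefix(resource, scope+"/")
}
func matchAction(pattern, action string) bool {
	return pattern == action || (strings.HasSuffix(pattern, "*") && strings.HasPrefix(action, strings.TrimSuffix(pattern, "*")))
}
// Allowed decides a request by role and scope only; anything unmatched is denied.
func Allowed(user, action, resource string) bool {
	ids := map[string]bool{user: true}
	for _, g := range Groups[user] {
		ids[g] = true
	}
	for _, a := range Assignments {
		if !ids[a.Principal] || !inScope(a.Scope, resource) {
			continue
		}
		for _, pattern := range Roles[a.Role] {
			if matchAction(pattern, action) {
				return true
			}
		}
	}
	return false
}
```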
4. Back up data
Cloud applications are only protected to a certain extent, which is why you occasionally hear of a cloud service provider deleting a customer’s virtual machine or storage data. To keep your data safe, back it up to your own data center or to another cloud service provider (redundancy).
On a small scale you can copy the data to a local or external storage drive. However, this is an unreliable manual process that does not scale.
For large files and applications, manual copying is not feasible. Enterprises using IaaS (Infrastructure as a Service) cloud services can use the APIs provided by the cloud provider to develop their own software that backs data up to an internal server, or use third-party software to back data up to an internal server, a network-attached storage (NAS) device or the enterprise’s own data center.
Backing up data from one cloud to another has many advantages over local backups: low infrastructure investment, faster backup and restore, and more flexibility.
As part of a cloud storage service, users can also back up important data (files, databases, operating system configurations) to the cloud. This requires installing special agents that back up the data of the relevant applications. The agents ensure the integrity of the data in the backup and the automatic transfer of the backed-up data over VPN channels on the internet.
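The integrity guarantee a backup agent provides, as an added example that is not part of the original article or any backup product: a SHA-256 manifest is taken at backup time and a restore is verified against it, reporting files that are missing, modified or unexpected. The file set is a constructed in-memory stand-in for a real directory tree.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"sort"
)

// Source is a constructed stand-in for the files an agent backs up.
var Source = map[string][]byte{
	"etc/app.conf": []byte("port=8080"),
	"db/dump.sql":  []byte("CREATE TABLE accounts (id INT);"),
}

// Manifest records the SHA-256 of every file captured in a backup run; it is what
// lets an agent prove that the copy in the data center matches the source.
type Manifest map[string]string

// Snapshot hashes a file set into a Manifest.
func Snapshot(files map[string][]byte) Manifest {
	m := Manifest{}
	for path, data := range files {
		sum := sha256.Sum256(data)
		m[path] = hex.EncodeToString(sum[:])
	}
	return m
}

// Verify compares a restored file set against the manifest taken at backup time
// and reports, sorted, which files are missing, modified or unexpected.
func Verify(m Manifest, restored map[string][]byte) (missing, modified, extra []string) {
	got := Snapshot(restored)
	for path, want := range m {
		switch have, ok := got[path]; {
		case !ok:
			missing = append(missing, path)
		case have != want:
			modified = append(modified, path)
		}
	}
	for path := range got {
		if _, ok := m[path]; !ok {
			extra = append(extra, path)
		}
	}
	sort.Strings(missing)
	sort.Strings(modified)
	sort.Strings(extra)
	return missing, modified, extra
}
```

Storing the manifest alongside the backup, signed or kept in a separate location, is what turns a restore test into evidence that the copy is complete and unaltered.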
5. Disaster Recovery Plan
A disaster recovery plan helps protect your business from IT infrastructure disruptions and potential data loss.
A traditional recovery plan establishes a backup site, often in a different region or even a different city. At this backup site the business must build a system similar to the one at the main site, in both hardware and software, which means the costs of the backup site (investment, maintenance, operation, etc.) are the same as those of the main site: the cost of IT infrastructure can double to ensure business continuity. Cloud backup services, by contrast, offer the flexibility to quickly scale the resources used up or down (and with them the cost of use) without any initial capital expenditure.
Choosing to use cloud storage services for backup and disaster recovery sites is probably the most effective and feasible plan for most businesses.
