Security and privacy

Although cloud service providers implement the best security standards and industry certifications, storing data and important files on external service providers always opens up risks. Any discussion involving data must address security and privacy, especially when it comes to managing sensitive data. We must not forget what happened at Code Spaces and the hacking of their AWS EC2 console, which led to data deletion and the eventual shutdown of the company. Their dependence on remote cloud-based infrastructure meant taking on the risks of outsourcing everything.

Of course, any cloud service provider is expected to manage and safeguard the underlying hardware infrastructure of a deployment. However, your responsibilities lie in the realm of user access management, and it’s up to you to carefully weigh all the risk scenarios.

Though recent breaches of credit card data and user login credentials are still fresh in the minds of the public, steps have been taken to ensure the safety of data. One such example is the General Data Protection Regulation (GDPR), which was recently enacted in the European Union to give users more control over their data. Nonetheless, you still need to be aware of your responsibilities and follow best practices.

Best practices for minimizing security and privacy risks

  • This is important: Understand the shared responsibility model of your cloud provider. You will still be liable for what occurs within your network and in your product.
  • Implement security at every level of your deployment.
  • Know who is supposed to have access to each resource and service, and limit access to least privilege. If an employee goes rogue and gains access to your deployment, you would want their impact to be confined to the smallest area possible.
  • Make sure your team’s skills are up to the task. The Top 10 Things Cybersecurity Professionals Need to Know is a great article to understand how to mitigate security and privacy concerns in the cloud.
  • Take a risk-based approach to securing assets used in the cloud and extend security to the devices.
  • Implement multi-factor authentication for all accounts accessing sensitive data or systems.
  • Encryption, encryption, encryption. Turn on encryption wherever you can — easy wins are on object storage such as Amazon S3 or Azure Blob Storage where customer data often resides. The simple act of turning on encryption on S3 could have prevented the Capital One data breach in July 2019 that exposed 100 million users’ information.
