Moving to the cloud offers a wide range of business benefits, including productivity, speed to market, scale, and cost-reductions. But did you know that it’s also shown to be more secure than sticking to on-premises systems and architecture? In fact, according to Microsoft, 94% of SMBs report security benefits after moving to the cloud.
To understand more about how Atera protects customer environments, applications and data on the cloud, you can check out our multi-layered security approach, right here.
For now, let’s look at some general best-practice rules for making your cloud environment secure and complying with the Shared Responsibility Model.
Don’t Forget Physical Security
If you are using a public cloud vendor such as AWS, Azure, or GCP, you’re probably already familiar with the Shared Responsibility Model. Simply put, your vendor is responsible for the physical security, including hardware, networking and the facilities and software that runs the cloud environment, while you are responsible for applications, data, workloads, and user security.
The physical security controls you should expect your cloud vendor to offer as standard include access control such as biometric scanning, video surveillance or intelligent tracking of assets, and environmental controls inside the buildings, like a heating and cooling system that keeps the temperature according to best practices, and fire detection and suppression procedures in place. There should also be security in place for emergencies, such as power generators, or redundant systems.
How to Protect Your Information
Your data is the crown jewel for attackers who are looking for payloads in cloud environments. Make sure that your cloud service encrypts all data both in transit and at rest, so that even third parties don’t have access to the information. You can look into the terms and conditions of each cloud service provider to make sure that you’re not allowing private information sharing via the application. If you’re unhappy with the terms, such as how long the service stores your data, or what it can access from your devices, reach out directly and get some more information.
Weak passwords are a real problem for cloud security, as the cloud offers more entry points to your network than ever before. Because so much traffic moves East-West inside the data center, attackers have opportunities to move laterally from a single user machine to elsewhere in the network. Make sure that your cybersecurity vendor offers risk assessment that includes highlighting users with poor password hygiene. Bitdefender is a great example of an AV tool that includes this kind of Risk Management as part of the base package. Other best practices include two-factor authentication whenever it’s on offer, and a robust and continuous patch management process that ensures you never have vulnerabilities left open in software products that are part of your cloud environment.
High Level Tips for Database Security
Setting up your architecture with security and privacy in mind is important. For example, you may want to spread your data across multiple regions, something which can be offered using AWS or Azure Availability Zones. This is called a multi-AZ configuration, and can protect you in case of an outage.
You may want to consider using a VPC, a virtual private cloud environment, which allows you to set up your own IP addresses, subnets and network gateways. You may want to ask your software provider about their use of login restrictions, such as only allowing user activity from specific IP addresses, for example. With a VPC, you can use security groups so that certain applications are open to the web, and others are in the private cloud and kept inaccessible. This kind of hybrid set-up can be advantageous if you have highly secure data and information to protect.
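To check that the split described above actually holds, the added example below (not Atera's or any vendor's code) audits security group rules for database ports reachable from the whole internet. The input follows the JSON shape returned by `aws ec2 describe-security-groups`; the group IDs, the sample rules and the `DB_PORTS` list are constructed for illustration.

```python
import ipaddress

# Common database listener ports (assumption: extend for your own engines).
DB_PORTS = {1433: "MSSQL", 3306: "MySQL", 5432: "PostgreSQL", 6379: "Redis", 27017: "MongoDB"}

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-web-example", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-db-example", "GroupName": "db-private", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "UserIdGroupPairs": [{"GroupId": "sg-web-example"}]}]},
    {"GroupId": "sg-legacy-example", "GroupName": "db-legacy", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 3400,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]}

def is_world_open(cidr):
    """True when the CIDR covers the entire IPv4 or IPv6 address space."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def exposed_db_rules(doc):
    """Return (group_id, cidr, engine) for each DB port reachable from anywhere."""
    findings = []
    for sg in doc.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            open_cidrs = [c for c in cidrs if is_world_open(c)]
            if not open_cidrs:
                continue  # restricted CIDRs or group-to-group references only
            if perm.get("IpProtocol") == "-1":
                lo, hi = 0, 65535  # "-1" means every protocol and port
            elif perm.get("IpProtocol") == "tcp":
                lo, hi = perm["FromPort"], perm["ToPort"]
            else:
                continue
            for port, engine in sorted(DB_PORTS.items()):
                if lo <= port <= hi:
                    findings += [(sg["GroupId"], c, engine) for c in open_cidrs]
    return findings

if __name__ == "__main__":
    for group, cidr, engine in exposed_db_rules(SAMPLE):
        print(f"{group}: {engine} reachable from {cidr}")
```

The web group (443 open to everyone) and the private database group (reachable only from the web group) produce no findings; only the legacy group with a wide port range and an all-traffic IPv6 rule is reported.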
If you’re an IT provider or an MSP who is managing multiple clients and their data, make sure that you’re using controls that allow for a logical separation between the different company data, as well as utilizing multi-tenant architecture, including time-out values, password policies, user profiles, and session tokens. Lastly, Role-Based Access Control (RBAC) can help with secure access to your resources and your DB instances. Both Azure and AWS have tight Identity and Access Management that allows you to define policies and rules for roles, users and groups.
Think Niche
It’s important to consider your own unique use cases when it comes to cloud security. For some, this might be a complex or large supply chain of third-party vendors. For others, it might be regular access or remote control to customer environments. It could be home networks, BYOD, or a highly-sensitive and regulated industry.
Whatever the situation, ask your cloud and software vendors about your specific needs, making sure that they have a robust set of security processes and best practices in place to meet those requirements.