Improve Your Cloud Security

by James Ling, Director, CISA, and Misha Kalhin, Senior Project Manager.

Switching to the cloud from in-house can transform your business, as we’ve discussed in our previous blog posts. Cloud hosting promotes efficiency, cost reduction, and flexibility by freeing your organization from managing large air-conditioned spaces with rapidly aging hardware and by reducing your reliance on in-house IT expertise to manage functions that are not core to your business. There are many benefits to moving to the cloud, but every executive in charge of the decision to migrate services to the cloud needs to consider the risks. This post will focus on managing the security risks of moving your systems and data out of your own facilities.

Cloud security is an issue that has been in the spotlight since the Target and Home Depot data breach scandals, which prove that if your security measures are insufficient, the results will be devastating: tens of millions of dollars, in this case. Cloud service providers typically “share” security responsibilities with their clients, i.e. they provide fundamental security of the infrastructure and expect their clients to secure the applications that have been deployed in that infrastructure. After the incident, Home Depot, for example, implemented “enhanced encryption of payment data” to avoid future breaches.


From a security standpoint, the two factors you need to consider when you plan a cloud migration are the reliability of your cloud infrastructure provider and the reliability of the partner who will design your cloud solution architecture, migrate your systems, and then test the solution. In addition, to avoid potential risks, your organization needs a robust Cloud Governance policy to define the appropriate uses of the cloud, cost management and disaster recovery.

Selecting a Cloud Infrastructure Provider

According to a recent survey, cloud adoption is approaching ubiquity in 2014, with 94% of the organizations surveyed using IaaS, and 87% using public cloud. Today, the top cloud infrastructure providers are Amazon (AWS), AT&T, HP, Rackspace, and Microsoft, among many others. Dextrys has selected AWS as our primary partner, because they are generally considered a market leader in cloud computing. They are known for innovation and a wide range of cloud services to suit most organizations, including government agencies, and, according to Gartner, AWS pricing is the “industry reference point.” AWS offers highly secure facilities, constant surveillance and multiple levels of protection from physical and virtual attacks. Here’s a snapshot of their security features:
  • Secure Access to AWS services using an encryption protocol.
  • Built-in Firewalls that can be configured based on your organization’s needs, as well as a Virtual Private Cloud network.
  • Unique users, Encrypted data storage, Isolated GovCloud compliant with US ITAR regulations (here’s the full list)

Selecting a Cloud Migration Partner

Amazon’s security measures are fundamental and necessary; however, AWS does not guarantee complete security. They “share the security responsibility,” which means that there are additional steps that you will need to take when designing your system architecture and migration. Security issues can come up during the migration process, some of them inherent to the platform you are using, your application, or the people who access your AWS instance. If you are not fully confident in your team’s ability to meet all those challenges, you will need a partner who can help you plan and execute the transition.
As a part of our Cloud Migration offering, Dextrys provides system hardening services to secure:
  • Linux – by reinforcing the kernel to avoid DoS and spoofing attacks. Other services include Mandatory Access Control and locking down with SELinux.
  • Apache – by disabling unnecessary “mods”, securing access, restricting access to the root directory, configuring CGI and SSI, and keeping and monitoring access logs.
  • PHP – by limiting execution time to prevent large-scale SQL injection attacks and disabling potentially vulnerable services.
  • MySQL – by restricting service by IP and implementing additional secure access methods.
In addition to system hardening, we use third-party tools, such as Continuous Monitoring and Vulnerability Management, to validate your cloud security.
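
As an added illustration (not code from Dextrys or AWS), the Python sketch below audits three of the hardening items listed above: kernel anti-DoS/anti-spoofing sysctls, the PHP execution time limit, and the MySQL listening address. The baseline values, the 30-second limit and the sample configurations are assumptions constructed for this example; only the [PHP] and [mysqld] sections are read.

```python
import configparser

# Baseline values are assumptions chosen for this example, not taken from the post.
SYSCTL_BASELINE = {
    "net.ipv4.tcp_syncookies": "1",                # SYN-flood (DoS) mitigation
    "net.ipv4.conf.all.rp_filter": "1",            # drop packets with spoofed sources
    "net.ipv4.conf.all.accept_source_route": "0",  # refuse source-routed packets
}
WILDCARD_BINDS = {"0.0.0.0", "::", "*"}

def audit_sysctl(text):
    """Compare key = value lines from sysctl.conf with the baseline."""
    have = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            have[key.strip()] = value.strip()
    return [f"sysctl {k}: want {v}, found {have.get(k, 'unset')}"
            for k, v in SYSCTL_BASELINE.items() if have.get(k) != v]

def _ini(text):
    parser = configparser.ConfigParser(allow_no_value=True, interpolation=None, strict=False)
    parser.read_string(text)
    return parser

def audit_php(text, max_seconds=30):
    """Flag an unlimited (0) or overly long max_execution_time in php.ini."""
    limit = _ini(text).getint("PHP", "max_execution_time", fallback=30)  # PHP default: 30
    if limit == 0 or limit > max_seconds:
        return [f"php max_execution_time: want 1..{max_seconds}, found {limit}"]
    return []

def audit_mysql(text):
    """Flag a mysqld that listens on every interface instead of a chosen IP."""
    ini = _ini(text)
    opts = {k.replace("_", "-"): v for k, v in ini.items("mysqld")} if ini.has_section("mysqld") else {}
    if "skip-networking" in opts:
        return []  # TCP listener disabled entirely
    bind = opts.get("bind-address")
    if bind is None or bind in WILDCARD_BINDS:
        return [f"mysql bind-address: want a specific IP, found {bind or 'unset'}"]
    return []

# Constructed sample configurations (not from any real host).
WEAK = {"sysctl": "net.ipv4.tcp_syncookies = 0\n", "php": "[PHP]\nmax_execution_time = 0\n", "mysql": "[mysqld]\nbind-address = 0.0.0.0\n"}
HARDENED = {"sysctl": "net.ipv4.tcp_syncookies = 1\nnet.ipv4.conf.all.rp_filter = 1\nnet.ipv4.conf.all.accept_source_route = 0\n", "php": "[PHP]\nmax_execution_time = 30\n", "mysql": "[mysqld]\nbind-address = 10.0.0.5\n"}

def audit(cfg):
    return audit_sysctl(cfg["sysctl"]) + audit_php(cfg["php"]) + audit_mysql(cfg["mysql"])
```

Calling audit(WEAK) returns one finding per weak or missing setting, while audit(HARDENED) returns an empty list.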

Cloud Governance

According to the 2014 RightScale survey, many organizations have yet to implement a Cloud Governance policy to determine the appropriate use of cloud (public, private or hybrid), which applications can/cannot be deployed in the cloud, cost management policy, and disaster recovery. Having a Cloud Governance policy will help to determine who is responsible for which areas of cloud security and help to avoid chaos in case of a security breach.

Cloud Services with Dextrys

It’s important to select the right partner for your cloud services needs. In addition to developing your web or mobile app, Dextrys can also launch it in the cloud – securely. Click here to find out more about Dextrys cloud services.

 
