Next in our cloud security series, we will discuss the steps you can take to secure your storage resources, since data is the most valuable asset in the cloud environment. First, I recommend implementing resource controls and ensuring that only the right resources have access to the secured information. Also, consider implementing a data classification practice where data is sorted into certain categories to help define placement, access, backup, recovery and security policies. Additionally, consider implementing drive encryption, so if someone gains access to your data the information remains secured.
Another area which is frequently overlooked is replication, geographic redundancy and backups. Just because your data is in the cloud doesn’t mean it’s protected from you corrupting or deleting it—think about establishing a disaster, backup and recovery solution for your cloud services so you’re protected.
Lastly, ask your cloud provider about their physical data center and what security measures they have in place to stop a malicious user from gaining physical access to your resources. Some small or startup cloud service providers (CSPs) may have their servers in an area where they can be easily accessed by someone with malicious intent. On the other end of the spectrum, some CSPs may have their servers locked down like Fort Knox with 24/7 surveillance and armed guards, so always ask what security protocols they have in place at their physical location.
Depending on what you decide to deploy in the cloud, you may also need to add secured and encrypted connections to your new cloud solution. There may be different methods to consider depending on what you are implementing, but below we will review the two most common security protocols.
The first is internet protocol security (IPsec), which protects internet protocol (IP) traffic with encryption and digital signatures. A benefit of IPsec is that it's not program specific, so if IPsec is being used to establish secured communication between you and the cloud, all data can be encrypted or signed regardless of the application sending or receiving the data.
On the other hand, secure sockets layer (SSL) and transport layer security (TLS) are used to secure the communication of specially configured programs. However, like IPsec, both encryption and authentication are used to achieve this degree of security.
Most of us who are computer savvy associate SSL with protecting web servers, but SSL can be placed on any network application that supports it, like simple mail transfer protocol (SMTP) mail servers and lightweight directory access protocol (LDAP) directory servers.
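Because TLS is configured per application rather than for all traffic as with IPsec, each client has to be told to require it. The following is an added example, not code from the original post: a Python SMTP client that verifies the server certificate and refuses to continue in plaintext when the server does not offer the STARTTLS upgrade. The function names, the `client.example` hostname and the local stub server are assumptions constructed for the demonstration.

```python
import smtplib, socket, ssl, threading

def strict_tls_context() -> ssl.SSLContext:
    """Client context: verify certificate chain and hostname, TLS 1.2 or newer."""
    ctx = ssl.create_default_context()   # sets CERT_REQUIRED and check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def open_smtp_tls(host: str, port: int, ctx: ssl.SSLContext) -> smtplib.SMTP:
    """Connect and upgrade with STARTTLS; fail closed if it is not offered."""
    conn = smtplib.SMTP(host, port, local_hostname="client.example", timeout=5)
    try:
        conn.ehlo()
        if not conn.has_extn("starttls"):
            raise RuntimeError("server did not offer STARTTLS; refusing plaintext")
        conn.starttls(context=ctx)  # raises on certificate or hostname failure
        conn.ehlo()                 # re-identify over the encrypted channel
        return conn
    except Exception:
        conn.close()
        raise

def plaintext_only_smtp_stub() -> int:
    """Constructed local server: answers EHLO without advertising STARTTLS."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        c, _ = srv.accept()
        with c:
            c.sendall(b"220 stub ESMTP\r\n")
            c.recv(1024)                                  # client EHLO
            c.sendall(b"250-stub\r\n250 SIZE 1000\r\n")   # no STARTTLS line
            c.recv(1024)                                  # client disconnects
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def demo() -> str:
    """Run the client against the stub and report what happened."""
    port = plaintext_only_smtp_stub()
    try:
        open_smtp_tls("127.0.0.1", port, strict_tls_context())
    except RuntimeError as exc:
        return str(exc)
    return "connected"

if __name__ == "__main__":
    print(demo())
```

The same context object can be passed to other TLS-capable clients in the standard library, so the verification settings stay consistent across applications.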
Stay tuned for our last installment of the cloud security series!