At this point in our Cloud Security Series, we have discussed many resources you can use to keep your data secure. Now let’s discuss access controls and authenticating proper access to those new resources including files, folders, databases and web applications.
One common control type is role-based access controls, an approach that can be used to restrict system access to authorized users. The company can apply this control to a specific group of users, and as new users are added to the group, they inherit the permissions that have already been applied. This approach can be used with Microsoft Windows Active Directory groups and within specific applications you create.
Another common control method is mandatory access controls, an approach where the operating system or application automatically determines if the party requesting access should be approved. Examples of this include providing a specific group of users access to their own area within a cloud-based intranet site, or providing access to specific confidential files on a cloud-based network share.
There are also discretionary access controls where permissions are managed by the data owner rather than the operating system. With this approach, secured resources each have an access control list that grants permission to specific files.
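The three control types above, side by side, as an added Python example that is not part of the original post. The class, the user and group names, and the three-level label scheme are constructed for illustration; modeling the mandatory check as a clearance-versus-label comparison is an assumption the post does not spell out.

```python
from dataclasses import dataclass, field

# Constructed sensitivity labels for the mandatory check (assumption).
LEVELS = {"public": 0, "internal": 1, "confidential": 2}

@dataclass
class Resource:
    name: str
    owner: str
    label: str = "public"                     # mandatory: set by the system, not the owner
    acl: dict = field(default_factory=dict)   # discretionary: user -> set of permissions

class AccessControl:
    def __init__(self):
        self.group_perms = {}   # role-based: group -> {(resource name, permission)}
        self.members = {}       # role-based: group -> set of users
        self.clearance = {}     # mandatory: user -> label assigned by an administrator

    # Role-based: permissions attach to the group, and members inherit them.
    def grant_group(self, group, resource, perm):
        self.group_perms.setdefault(group, set()).add((resource.name, perm))

    def add_member(self, group, user):
        self.members.setdefault(group, set()).add(user)

    def rbac_allows(self, user, resource, perm):
        return any(user in self.members.get(group, ()) and (resource.name, perm) in perms
                   for group, perms in self.group_perms.items())

    # Mandatory: the system compares labels; neither user nor owner can override it.
    def mac_allows(self, user, resource):
        return LEVELS[self.clearance.get(user, "public")] >= LEVELS[resource.label]

    # Discretionary: only the data owner may change the resource's access control list.
    def dac_grant(self, actor, resource, user, perm):
        if actor != resource.owner:
            raise PermissionError(f"{actor} does not own {resource.name}")
        resource.acl.setdefault(user, set()).add(perm)

    def dac_allows(self, user, resource, perm):
        return user == resource.owner or perm in resource.acl.get(user, ())
```

A user added to a group after `grant_group` has run passes `rbac_allows` immediately, which is the inheritance behavior described above and also the reason group membership changes deserve the same review as direct permission changes.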
Audits and Assessments
Once everything is secure and working, it’s time to audit and validate your infrastructure to ensure that what you created is secure and protected. While you may be able to do this on your own, it's best practice to use a third-party product or service provider. Audits, scans and assessments should be conducted on a regular basis to ensure your infrastructure is fully protected.
Two common security assessments are penetration testing and vulnerability assessments, which assess your network security using a simulated assault on your cloud environment from both external and internal attackers. Here the testing application or third-party company you hire is looking for vulnerabilities in your virtual hardware or software, or improperly configured systems and applications. These evaluations are carried out using an individual who behaves like an attacker. Following the evaluation, any issues identified by the evaluation are presented to the company in an effort to reduce security threats.
We hope you found this five-part blog series useful. For more information on how Tech Data can support your cloud security needs, contact our Security Product Specialists at (800) 237-8931 ext. 73246.