How to improve public cloud security

This is one major concern for IT professionals. It is a shared responsibility between the client and the service provider. What to pay attention to.

Luciano Fernández
4 min read

The migration of data and other digital assets to the cloud has sparked one of the most important revolutions in the IT universe in recent years. But it has also fueled one of the biggest concerns for companies right now: how to keep information private and secure when the chosen environment is the public cloud.

 

In a recent survey conducted by BitGlass, a leading enterprise in cloud security, 33% out of 350 tech professionals from all over the world have admitted to being extremely concerned about the security of the public cloud, whereas 40% claimed to be very concerned. For 66% of the interviewees, the biggest worry is related to data losses or leaks. However, even though public cloud security is still a sensitive matter, almost half of the group acknowledged that software hosted on the public cloud is as secure as software housed in a private environment.

Tips to improve public cloud security

Cloud security is a shared responsibility between the client and the service provider. The former is in charge of ensuring security "on the cloud" while the latter needs to preserve the security "of the cloud. That is made clear by the major public cloud providers, such as Amazon Web Services, Microsoft Azure and Google Cloud Platform. This implies that, no matter what platform is used, the client will always be responsible for protecting their own data.

Recommendations

The first precautions to be taken have to do with choosing and hiring the provider. Some key aspects need to be taken into account. Most of all, it is essential to check the default settings that are made explicit in the Terms and Conditions, something which very few read.

 

#1 Understand where the data will be hosted. That means checking if the country offers guarantees as to its protection.

#2 Understand if there are any third-party companies involved in the service management, so to agree to that.

#3 Make sure if the confidentiality of the information is guaranteed.

#4 Check if there are any guarantees for a secure data deletion when requested or when the service contract is finalized.

Full visibility

To get the most security on the public cloud, you first need to make sure that you have full visibility into the entire cloud-based infrastructure: configuration, API calls and user access. You cannot control what you cannot see.

Password security

As with any other services or products in the digital environment, this is key to prevent attacks or information theft. In general, when setting passwords, people tend to choose those that can be easily remembered, making them more vulnerable. Passwords need to be well-thought to provide security: more than nine characters, uppercase and lowercase, digits and special characters.

Encrypted data

Today, anything can be encrypted, from a text document to entire drives, and there are several applications to encrypt and decrypt files and data. Encryption is no longer a tool exclusive to security experts: it must be used on a daily basis. When someone illegally intercepts an encrypted file, even though they can open it, they will barely make out a set of illegible characters.

Classified information

One alternative is to classify the information so to determine what will be hosted on the cloud or not. Not every piece of information needs to have the same security parameters. Establishing a classification of the data implies that deciding which information will be uploaded to the cloud is not something to be specified for every single action; instead, it will be preset. That way, no one will upload the wrong information.

An updated security system

Having top-grade antivirus software is critical. Currently, you can have antivirus software running on the cloud, too, so to save disk space on any device. This type of software is capable of easily detecting any kind of trojan, spyware or virus since their database is constantly updated through its online connection.

 

Do you need a team of security-savvy professionals to protect your business? At Awkbit, we work on the cloud every day, and we can provide support so your organization can get better results. Get in touch!

Reach Out!