The front line
Moving to the cloud involves planning how to secure and store your data, and it’s important that every vertical in your business is engaged. Think about all the people who can touch your data, from the HR department safeguarding your employees’ personal data to the marketing and sales departments that control the highly regulated customer data produced by your CRM system.
Reaching out to these departments is vital when planning your security strategies to ensure they can easily integrate their data into the new setup. For external-facing departments, it’s also important to take feedback on how to streamline experiences for your customers.
The back end
Shadow IT can be a major risk to your cloud’s security. Shadow IT is the collection of programs and applications that your employees adopt and add to your network without the knowledge of central IT. Without IT approving these programs, and ensuring they’re kept up to date with security patches, they can present a hidden trapdoor to your network.
To combat the problem, establish a strong policy governing which programs can (and cannot) be uploaded onto the network. This policy should be enforced with periodic network audits, and by requiring programs that communicate outside the network, such as file-sharing services, to be individually whitelisted.
Another way to prevent hackers hopping onto your cloud is to deploy a Cloud Access Security Broker. This program acts like a bouncer: it sits between the cloud and those looking to access it, and enforces an enterprise’s security policies on any connection.
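One way to run the audit described above, as an added example that is not part of the original article: it checks a constructed egress log against an allowlist of approved destinations and reports, per source machine, traffic to anything unapproved. The log format, host names, domains and the names ALLOWLIST, is_allowed and audit are assumptions made for illustration.

```python
from collections import defaultdict

# Assumption: destinations individually approved by central IT (hypothetical).
ALLOWLIST = {"crm.corp.example", "files.approved.example"}

# Constructed sample egress log: timestamp, source host, destination, bytes sent.
SAMPLE_LOG = """\
2024-05-01T09:00:12Z hr-laptop-07 crm.corp.example 5120
2024-05-01T09:03:44Z hr-laptop-07 upload.files.approved.example 88211
2024-05-01T09:10:02Z sales-pc-12 sync.fileshare.example 4096000
2024-05-01T09:12:30Z sales-pc-12 sync.fileshare.example 1024000
2024-05-01T09:15:00Z mkt-pc-03 myfiles.approved.example 2048
2024-05-01T09:16:00Z mkt-pc-03 FILES.APPROVED.EXAMPLE. 300
"""


def normalise(domain):
    """Lower-case the name and drop a trailing dot so comparisons are exact."""
    return domain.lower().rstrip(".")


def is_allowed(domain, allowlist=ALLOWLIST):
    """True if domain is an approved entry or a subdomain of one.

    Matching is done on label boundaries: a plain string-suffix test would
    wrongly accept "myfiles.approved.example" for "files.approved.example".
    """
    domain = normalise(domain)
    return any(domain == a or domain.endswith("." + a) for a in allowlist)


def audit(log_text, allowlist=ALLOWLIST):
    """Return {source_host: {destination: total_bytes}} for unapproved traffic."""
    findings = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip malformed lines rather than abort the audit
        _, host, dest, sent = parts
        if not is_allowed(dest, allowlist):
            findings[host][normalise(dest)] += int(sent)
    return {host: dict(dests) for host, dests in findings.items()}


if __name__ == "__main__":
    for host, dests in sorted(audit(SAMPLE_LOG).items()):
        for dest, sent in sorted(dests.items(), key=lambda kv: -kv[1]):
            print(f"{host}: {dest} ({sent} bytes) is not on the allowlist")
```

Sorting each machine's findings by bytes sent puts large uploads to unapproved file-sharing services at the top of the review list.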
While programs connecting to the cloud go through a security checkpoint, once they’re past that gateway they can potentially move and act unchecked. Lateral, “east/west” data flows through cloud and virtual environments allow data to effectively bypass perimeter security defences.
Cloud environments are particularly conducive to east/west data flows between virtualised applications and network sectors.
To stop a data miner or ransomware potentially compromising your entire cache, it is important to segment your network (including applications and users) using virtual secure gateways in the cloud itself. This will allow your IT department to monitor how data is moving through your cloud networks and provide them with vital screening capabilities to ensure it stays where it should be.