
Phase 2: Protect your cloud
Once you understand your cloud security risk posture, you can strategically apply protection to your cloud services according to their level of risk. There are several cloud security technologies that can help you accomplish the following best practices:
Step 1: Apply data protection policies.
With your data now classified as sensitive or regulated, you can assign policies that govern what data can be stored in the cloud, quarantine or remove sensitive data found in the cloud, and coach users if they make a mistake and break one of your policies.
Step 2: Encrypt sensitive data with your own keys.
Encryption available within a cloud service will protect your data from outside parties, but the cloud service provider will still have access to your encryption keys. Instead, encrypt your data using your own keys, so you fully control access. Users can still work with the data without interruption.
Step 3: Set limitations on how data is shared.
From the moment data enters the cloud, enforce your access control policies across one or multiple services. Start with actions like setting users or groups to viewer or editor and controlling what information can be shared externally through shared links.
Step 4: Stop data from moving to unmanaged devices you don’t know about.
Cloud services provide access from anywhere with an internet connection, but access from unmanaged devices like a personal phone creates a blind spot for your security posture. Block downloads to unmanaged devices by requiring device security verification before downloading.
Step 5: Apply advanced malware protection to infrastructure-as-a-service (IaaS) such as AWS or Azure.
In IaaS environments, you’re responsible for the security of your operating systems, applications, and network traffic. Antimalware technology can be applied to the OS and virtual network to protect your infrastructure. Deploy application whitelisting and memory exploit prevention for single-purpose workloads, and machine-learning-based protection for general-purpose workloads and file stores.
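Steps 1, 3 and 4 expressed as one policy decision, as an added example that is not from the original article or any vendor product. The content labels, the Event fields and the returned action names are assumptions made for illustration, and the sample text is constructed.

```python
import re
from dataclasses import dataclass

# Candidate payment-card numbers: 13-19 digits, optionally split by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum; filters out order IDs and other random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(text: str) -> str:
    """Label content 'regulated' if it holds a Luhn-valid card number (labels are assumed)."""
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            return "regulated"
    return "unclassified"

@dataclass
class Event:                     # hypothetical event shape, not a vendor schema
    action: str                  # "upload", "share" or "download"
    content: str
    external: bool = False       # share target is outside the organisation
    device_managed: bool = True  # device passed security verification

def decide(ev: Event) -> str:
    """Return the enforcement action for one event."""
    if ev.action == "download" and not ev.device_managed:
        return "block"                       # Step 4: no downloads to unmanaged devices
    if classify(ev.content) == "regulated":
        if ev.action == "upload":
            return "quarantine_and_coach"    # Step 1: quarantine, then coach the user
        if ev.action == "share" and ev.external:
            return "block"                   # Step 3: no external links to regulated data
    return "allow"

# Constructed sample: 4111 1111 1111 1111 is the widely used Luhn-valid test number.
SAMPLE = "Invoice paid with card 4111 1111 1111 1111, thanks."

if __name__ == "__main__":
    print(decide(Event("upload", SAMPLE)))
    print(decide(Event("share", SAMPLE, external=True)))
    print(decide(Event("download", "meeting notes", device_managed=False)))
```

The Luhn check is what keeps a 16-digit order number from triggering quarantine, which matters because a policy that coaches users on false positives gets ignored.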
Next week we'll talk about phase 3.
Source: skyhighsecurity