Monday, October 7, 2019

Is your data safe in the cloud? 3 Important Tips To Protect It

Understand the role of shared responsibility; understand how architecture affects vulnerability and make sure tools are correct

Data breaches are on the rise due to recent announcements of massive information leaks, the new European privacy protection regulation (GDPR) and its Brazilian version, the General Data Protection Act (LGPD), which will come into force in August 2020. While the big cases get the most attention, it is important to know that the misappropriation of other people's data is common and that seemingly simple mistakes can leave companies exposed. Companies therefore need to be aware of their vulnerabilities.


Experts have identified root causes of data vulnerability, such as misconfigured cloud servers; this may seem odd, but it is quite common. In the Cloud Risk Adoption 2019 report, McAfee points out that “organizations have on average at least 14 instances of Infrastructure as a Service (IaaS) misconfigured at one time,” and an average of 2,200 configuration incidents per month, putting every organization at risk. Below, Pegasystems, the software company that drives digital transformation, lists three tips to help keep data secure:

Understand your role of “shared responsibility”

Shared responsibility is at the heart of the Software as a Service (SaaS) business model, and the role your organization plays in securing cloud-based applications depends heavily on the types of services you use for cloud deployment. SaaS places the least burden on the customer, but the customer's staff is still responsible for system access and permission levels. When you move to Platform as a Service (PaaS), you are managing users and developers. Finally, with Infrastructure as a Service (IaaS), your responsibility extends to network and platform security. This is the arena where misconfigured servers are the direct responsibility of their owners, not their service provider.

If you are managing the infrastructure yourself, review your processes and automation to avoid making the most common mistakes:

Storage service data encryption is not enabled

Unrestricted outbound access

Resource access is not provisioned by using identity and access management (IAM) functions

Compute security group port is incorrectly configured

Compute security group inbound access is configured incorrectly

Unencrypted machine instance

Unused security groups

Virtual private cloud flow logs are disabled

Multifactor authentication is not enabled

Filestore encryption is not enabled
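
One way to automate a review of the mistakes listed above, as an added example that is not from the original article or from any vendor named in it. It audits a constructed, provider-neutral inventory; every field name ("kind", "encrypted", "ingress", "iam_role" and so on) and the choice of ports 22 and 3389 as administrative ports are assumptions made for illustration, not a real cloud API.

```python
# Added example: rule-based audit of a constructed resource inventory.
# Field names are hypothetical; map them to your provider's own export format.
OPEN = "0.0.0.0/0"
ADMIN_PORTS = {22, 3389}  # assumption: SSH and RDP treated as administrative ports

def audit(inventory):
    """Return sorted (resource_id, finding) pairs for the listed misconfigurations."""
    findings = []
    # Security groups referenced by at least one resource count as "in use".
    attached = {sg for r in inventory for sg in r.get("security_groups", [])}
    for r in inventory:
        rid, kind = r["id"], r["kind"]
        if kind in ("bucket", "filestore", "instance") and not r.get("encrypted", False):
            findings.append((rid, f"{kind} encryption is not enabled"))
        if kind == "instance" and not r.get("iam_role"):
            findings.append((rid, "access not provisioned through IAM"))
        if kind == "security_group":
            if rid not in attached:
                findings.append((rid, "unused security group"))
            for rule in r.get("ingress", []):
                if rule["cidr"] == OPEN and rule["port"] in ADMIN_PORTS:
                    findings.append((rid, f"admin port {rule['port']} open to any source"))
            if any(e["cidr"] == OPEN and e["port"] == "all" for e in r.get("egress", [])):
                findings.append((rid, "unrestricted outbound access"))
        if kind == "vpc" and not r.get("flow_logs", False):
            findings.append((rid, "flow logs are disabled"))
        if kind == "user" and not r.get("mfa", False):
            findings.append((rid, "multifactor authentication is not enabled"))
    return sorted(findings)

# Constructed sample inventory (not real resources).
SAMPLE = [
    {"id": "bucket-logs", "kind": "bucket", "encrypted": False},
    {"id": "vm-web", "kind": "instance", "encrypted": True,
     "iam_role": "web-ro", "security_groups": ["sg-web"]},
    {"id": "vm-batch", "kind": "instance", "encrypted": False,
     "security_groups": ["sg-web"]},
    {"id": "sg-web", "kind": "security_group",
     "ingress": [{"port": 443, "cidr": OPEN}, {"port": 22, "cidr": OPEN}],
     "egress": [{"port": "all", "cidr": OPEN}]},
    {"id": "sg-old", "kind": "security_group", "ingress": [], "egress": []},
    {"id": "vpc-main", "kind": "vpc", "flow_logs": False},
    {"id": "alice", "kind": "user", "mfa": True},
    {"id": "bob", "kind": "user", "mfa": False},
]

if __name__ == "__main__":
    for rid, finding in audit(SAMPLE):
        print(f"{rid}: {finding}")
```
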

Understand how your architecture affects vulnerability

Cloud architecture continues to move forward to enable the use of resources on demand through technologies such as containers and serverless computing. But these are still relatively new technologies and there is still a significant base of virtual machines in use in the world. In the coming years, we will continue to operate in environments that mix these cloud technologies. Speeding migration to new forms of cloud architecture does not eliminate the risk of vulnerability through incorrect configurations. Developing centres of excellence around your infrastructure platform of choice or partnering with service providers who can document controls is critical to the secure deployment of cloud technologies.
