50 Cloud-Based Security Selection Tips
With more and more companies making the move to the cloud, security remains an utmost concern. Reviewing a cloud security solution? Ask yourself these 50 questions.
50 Cloud-Based Security Selection Tips
Businesses everywhere are relying on cloud computing to run their operations. With 70.5% of companies increasing their budgets and usage of cloud storage, the cloud market is forecasted to double by 2025.
Cloud computing has many benefits, even for information security teams, such as better accessibility, streamlined application management, and better flexibility and scalability. While the major cloud providers like Amazon Web Services (AWS) and Microsoft Azure offer many built-in security features, cloud providers operate on a shared responsibility model, meaning that users are responsible for certain aspects of security, depending on the cloud delivery model (IaaS, PaaS, or SaaS).
More and more companies moving to the cloud, even for sensitive data and applications, makes data security in the cloud a big concern. Companies can leverage security solutions such as cloud security monitoring, cloud data loss prevention (DLP) solutions, and user entity behavior analytics (UEBA) to monitor their cloud environments, detect unusual activity, and prevent sensitive data from being stored, transferred, or used in an unauthorized or insecure manner. But what cloud security solutions and strategies should your company employ? To help you identify the most effective cloud security solutions and strategies to protect your company's sensitive data, we've gathered 50 expert tips below.
1. Limit and protect attack surfaces.
An attack surface is a point at which an unauthorized user attempts to gain access to software's functions and data. New software products and platforms often create vulnerable attack surfaces that can allow unauthorized access to your data.
The Accurics State of DevSecOps Report explains, "The introduction of new technologies increases the attack surface. A piecemeal approach to securing different technologies in the stack is untenable. Instead, organizations should implement a holistic strategy that protects all layers of the cloud native stack: serverless, containers, platform, and infrastructure." Twitter: @AccuricsSec
2. Weigh key considerations before choosing solutions.
The first step to having a secure cloud computing service is to choose the right service for your intended usage. With such a huge variety of offers, finding the one that fits your performance and security requirements can be challenging.
Akamai has a framework of 10 questions that cover multiple aspects such as "Does the solution you're considering cover you from end to end?" and "Is your content required in specific regions or do you need to move it across regions?" Twitter: @Akamai
3. Study up on what a good platform looks like.
With over a million active customers, Amazon Web Services is one of the biggest players in the cloud computing space. In this article, they outline what they consider are the requirements for a "modern, robust, industry-leading technology infrastructure platform with all the benefits that the cloud brings to bear."
These requirements span the gamut of considerations necessary to take advantage of the cloud. Some of these considerations include security, global infrastructure, storage, developer tools, and big data. Twitter: @awscloud
4. Use solutions with excellent support.
One of the biggest elements that make the cloud attractive is also the one that has caused most companies to delay their adoption. This element is support.
Using cloud-based technology infrastructure makes it so that you must rely entirely on the support provided by your cloud provider. In this whitepaper, BeyondTrust details how their support team is built and how it can help your data security and compliance. This white paper is written for a technically oriented audience, so you'll find terminology such as, "Using multiple features designed to ensure the security of remote support sessions, BeyondTrust integrates with external user directories, such as LDAP, for secure user management, and supports extensive auditing and recording of support sessions." Twitter: @BeyondTrust
5. Use checklists to ensure better security.
What happens when a massive corporation's cybersecurity is defeated? In the case of Capital One, the personal data of over 100 million customers was compromised. Capital One is one of AWS's biggest clients and supporters. The hacker was a former AWS employee who exploited a misconfigured Web Application Firewall to access the data.
The team at Bitsight goes over lessons like, "Auditing checklists, like this one from AWS, can help with the task of assessing the security of cloud environments. However, they take time, provide only a snapshot of security risk, and are often a low priority for resource-constrained security teams and risk managers," as well as other actionable takeaways. Twitter: @BitSight
6. Focus on your most sensitive data.
Due to the boom in SaaS (Software as a Service) and its adoption across a variety of industries, cloud security has become a big consideration for many businesses.
This article from Box.com (a cloud computing company) goes over the elements of cloud security in an easy to understand way for the non-engineers out there. The author writes, "A crucial component of cloud security is focused on protecting data and business content, such as customer orders, secret design documents, and financial records. Preventing leaks and data theft is critical for maintaining your customers' trust, and for protecting the assets that contribute to your competitive advantage." Twitter: @Box
7. Verify everything.
Your data security is not a once and done kind of deal. Security is an ongoing process that needs to have a long-term perspective. In this article, Josh King from Carousel Industries takes a look into the practical considerations you need to keep in mind, in particular, the fact that you often need to "look beyond glossy marketing material and glossy Uis."
One of Josh's key takeaways can be found in the closing segment of the article: "Trust, But Verify. You're buying security software because there are some unsavory actors out there. Unfortunately, you also need to watch out for possibly sketchy behavior from security vendors and even some of your own staff." Twitter: @Carousel_Ind
8. Determine vulnerability through analysis.
Cybersecurity is clearly a big concern for all industries that rely on cloud computing. But what are the real threats? To answer this, Check Point Research reviews the previous year's incidents to get insight into the cybercrime trends to keep an eye out for.
Their methodology for generating the report in their own words is "analyzing our telemetric, product and vulnerability research, and our own ThreatCloud threat intelligence, we offer a detailed analysis of the cyber trends." You can access the report at this link.
9. Know what's covered in your security solution.
There was a global spend in cloud computing during 2018 which was over $273 billion, and it's expected to double by 2025. The problem comes from the fact that in order to make their services accessible to a wider audience, many cloud computing companies offer extremely basic security services â€“ leaving thousands of companies vulnerable to all sorts of attacks.
From this article by CIO, "...most cloud packages include only basic security. If an extra layer of security isn't added, the customer's entire IT value chain is basically a line of sitting ducks. And since more and more corporate and customer data resides in the cloud, tight IP access can become a serious bottleneck. If the cloud platform is offline, it's game over." Twitter: @CIOonline
10. Build 'Security-First' into your overall cloud strategy.
Migrating to the cloud is a highly attractive proposition for many businesses. However, it requires the execution of a strategy that not many businesses considering the switch are equipped for.
"40% of organizations using cloud storage have accidentally exposed one or more of these services to the public. In these instances, it's not a failure of technology, but a lack of understanding about the importance of security and a lack of skills that put your business at risk." This is one of the examples of how a "Security First" approach should be adopted. In this article, Stuart Scott from Cloud Academy goes into the details of what's required to be successful in implementing cloud computing. Twitter: @cloudacademy
11. Make sure the training makes its way throughout your organization.
There are many solutions ready to secure your data, but there are many elements that need "in-house" attention. Anyone who has access to data (from the CEO to new hires) needs to be on the same secure page when it comes to the governance of the data.
As CloudAcademy explains, "This message must be fed down through the hierarchy of management to all employees. Simultaneously, a clear plan for training and education must run in parallel, allowing employees who need to upskill and learn new technologies, frameworks, and techniques to keep pace with the evolving business demands. If a business moves too fast without an adequate training plan to support its employees, best practices can be overlooked, mistakes can occur, shortcuts may be made, and vulnerabilities will be quietly designed into solutions." Twitter: @cloudacademy
12. Use specific criteria for vetting vendors.
The cloud platform market is booming, so much so that it's forecasted to double in size by 2025. And as a result of that boom, there's an ever-increasing number of players. Microsoft, Amazon, and Google are some of the biggest players, but there are also dozens of cloud service providers for just about every segment.
Cloud Industry Forum created an 8-criteria framework that you can use to make sure that you're choosing the right service provider for your needs. These criteria include "certifications & standards, technologies & service roadmap, data security, data governance and business policies, service dependencies & partnerships contracts, commercials & SLAs, reliability & performance, migration support, vendor lock-in & exit planning, and business health & company profile." Twitter: @UK_CIF
13. Understand challenges in order to better secure data.
There are many threats to data and during the past few years, several have been very high-profile. The question for many is, what are the consequences and implications of these threats?
To answer this, Cloud Security Alliance put together the top 11 cloud security challenges businesses will face in 2020.
Here's the answer to what happens when users abuse and make nefarious use of cloud services: "Malicious actors may leverage cloud computing resources to target users, organizations or other cloud providers. Malicious attackers can also host malware on cloud services. Cloud services that host malware can seem more legitimate because the malware uses the CSP's domain. Furthermore, cloud-hosted malware can use cloud-sharing tools as an attack vector to further propagate itself." Twitter: @cloudsa
14. Know challenges and risks.
The team at Compuquip Cybersecurity looks at the challenge of cloud security from a different angle. Their approach starts by asking, 'Who's responsible for security in the cloud?' It's not just the cloud service provider; there are both internal and external players that need to be involved in order to have a comprehensive security structure.
A lack of visibility and control is the number one challenge, followed by the fact that some cloud providers may not be compliant with industry regulations, according to Compuquip. Twitter: @Compuquip
15. Understand cloud storage better.
For many businesses, having an internal cybersecurity team is not feasible. This is where cloud-based security services come in. They allow businesses of all sizes to have effective cloud security at a price point that they can afford.
As Aaron Tan from ComputerWeekly.com states, "The most important thing to remember is that when companies put data in the cloud, it is imperative that they understand how it is being protected, and do not assume that security is being taken care of." Twitter: @ComputerWeekly
16. Regular security assessment should be included.
One negative side effect of cloud computing becoming mainstream is that it has attracted the attention of hackers, resulting in billions in losses. This threat can be mitigated by implementing a series of best practices from the moment you start migrating to a cloud service.
George Mutune from CyberExperts details 10 of the most effective best practices to keep your data safe. One key takeaway is that "a company should only subscribe to a cloud provider that conducts regular risk assessments." Twitter: @CyberExpertsUS
17. Ensure your solution is as modern as your business.
As the cloud computing market has matured, it has become clear that basic cybersecurity practices aren't enough. There's been a number of high-profile data breaches, such as Capital One's 2019 breach, that have made this evident.
This article from DarkReading.com goes over the concept of converging your data security practices. In the author's words, "There's no magic bullet for getting cloud security right. Take a comprehensive approach to better protect your organization. Security hygiene is still a must, but also look at your risk posture through a data protection lens and implement DLP and behavioral analytics. Endeavor to give everybody who touches data and the cloud a common language of cloud security they can all understand. And stay on your toes â€“ the future is only getting cloudier." Twitter: @DarkReading
18. Fully utilize security protocols and tools in the cloud.
There are a number of nuances when it comes to cloud security. If you're using cloud storage, especially for enterprise companies, the security measures needed are more complicated than most realize. Many enterprises have a security approach, but it's not comprehensive.
According to a DivvyCloud report, "Among enterprises already using public cloud (93%), only 40% confirmed their organization has an approach to managing cloud and container security in place. Additionally, 45% confirmed their organization does not use any of the following cloud security services:
- Cloud Management Platform (CMP)
- Cloud Security Posture Management (CSPM)
- Cloud Access Security Broker (CASB)
- Cloud Workload Protection Platform (CWPP)" Twitter: @DivvyCloud
19. Ask the right questions.
Here are another 10 questions to ask in an article by the team at Entrepreneur.com. This article is geared toward smaller businesses that are looking into migrating one or several of their data management needs to the cloud.
A great point that's made by the article's author is that "perhaps the biggest benefit for small companies is the ability to concentrate on the business at hand and let the cloud-based service handle such worrisome IT concerns as security, maintenance, backup and support." Twitter: @EntMagazine
20. Find trusted solutions from products you already know.
If you're evaluating cloud security tools, you've noticed that vendors use a variety of solutions to safeguard your data, such as User Activity Monitoring, Cloud Access Security Broker (CASB), and Data Loss Prevention (DLP), among others.
The team at FairWarning goes into detail on how each one of these approaches can benefit you and how to choose the security vendor that provides you with the right tools for your needs.
They emphasize the need to keep your decisions criteria simple and actionable. "While there's much to consider when evaluating your options, choosing a cloud security vendor doesn't have to be a hassle. Instead, look to your applications and platforms Salesforce, Office 365, Google Drive, etc.“ for trusted vendors and recommendations as well as independent third-party sources for vetting vendors." Twitter: @FairWarningLLC
21. Everyone is in the cloud, but many are unprotected.
The cloud market is dynamic and rapidly evolving. The team at Flexera.com have put together a report that gives you a complete view of the state of the cloud market in 2020 and where it's heading.
According to the report: "Thirty percent of organizations are at the intermediate maturity level, and seven percent are beginners. Only 10 percent, called cloud watchers, are at the planning stage and developing a cloud strategy. For the first time in the history of this report, none of the organizations reported that they lacked cloud plans." Twitter: @flexera
22. Don't take cloud security for granted.
One of the many reasons why the cloud has seen such widespread adoption is the flexibility and apparent lack of complexity. However, securing the cloud can be more complex than many businesses realize, and ignoring the complexity of cloud security can leave data vulnerable.
As stated in this article, "Organizations tend to underestimate the complexities of securing cloud environments. Applications running on-premises are within a well-understood and stable security perimeter under the organization's complete control. Moving to a cloud or hybrid environment changes this basic assumption." Twitter: @Forbes
23. Misconfiguration often equals poor security.
With the global COVID-19 pandemic forcing a huge amount of the workforce to work remotely, there has been a drastic increase in reliance on cloud platforms. However, this increased usage has also brought forth one of the biggest risks: misconfiguration.
This report, put together by Fugue, goes over the landscape of the risks that configuration errors bring.
"What our survey reveals is that cloud misconfiguration not only remains the number one cause of data breaches in the cloud, the rapid global shift to 100% distributed teams is creating new risks for organizations and opportunities for malicious actors," explains Phillip Merrick, CEO of Fugue. Twitter: @FugueHQ
24. Use established security processes.
Right next to Amazon, Microsoft, and IBM, Google is one of the top players in the cloud computing industry. It's often a good idea to glean information from security-conscious businesses. If you were wondering what their approach to security is, this whitepaper provides a clear and concise answer including details about the technical and organizational controls Google employs to protect your data. Twitter: @googlecloud
25. Mitigate as many risks as possible.
The increase in adoption of the cloud has also brought an increase in security breaches. This whitepaper by HelpNetSecurity goes over the biggest threats to your data security and what you can do to mitigate them.
"According to Cloud Security Risks & How to Mitigate Them, the disconnect occurs from a shared security model. Cloud Service Providers protect the data center, but customers are responsible for safeguarding their own data, and focus is shifting from the provider to the customer." Twitter: @helpnetsecurity
26. Understand the most common attacks, including DDoS.
This report, put together by Intricately, covers two of the biggest cybersecurity threats to the cloud: DDoS (Distributed Denial of Service) attacks and WAF (Web Application Firewall) attacks. DDoS attacks have been the weapon of choice for criminal groups, and they have been used to target the BBC and a series of US banks, such as Citigroup and JP Morgan Chase.
"Companies that handle sensitive customer data cannot afford to skimp on cloud security. Cybercriminals are constantly inventing new ways to infiltrate cloud applications, making it a persistent challenge for companies to properly secure their cloud resources." Twitter: @teamintricately
27. Avoid costly compliance violations.
Cloud security, a subset of information security, is an ever-evolving and highly regulated field. To protect citizens from data breaches, governments around the world create laws and regulations that require businesses to implement certain measures to protect consumers' sensitive data. Should a breach occur and your security measures (or lack thereof) violate these laws, it's often costly.
Edward Jones recently wrote on Kinsta, "To demonstrate the implications of non-compliance, you need only observe Germany's federal privacy watchdog who recently handed 1&1 Telecommunications a â‚¬9.55 million fine for violating the EU's General Data Protection Regulation (GDPR)." Twitter: @kinsta
28. Scrutinize the security measures of resellers.
The team at ModernData has an approach that focuses on 3 actionable tips you can use to find the security provider that fits your needs the best, highlighting the importance of using caution when considering resellers. "Unfortunately, the industry attracts two types of providers you shouldn't trust. Companies that resell cloud products often market their brand as providing end-to-end solutions, while in the other camp sits providers that don't keep up with standards. You don't want to find yourself in partnership with these types of cloud services providers."
29. Use resources from government sources, like the NSA.
Attacks that target the cloud cost the US economy millions of dollars every year. And they are particularly devastating for small businesses, as 60% of small businesses end up shutting down after an attack. So it's understandable that the NSA has a keen interest in making sure the cloud remains as safe as possible, and they've issued some valuable guidance regarding cloud security.
"The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators and users to review NSA's guidance on Mitigating Cloud Vulnerabilities and CISA's page on APTs Targeting IT Service Provider Customers and Analysis Report on Microsoft Office 365 and other Cloud Security Observations for information on implementing a defense-in-depth strategy to protect infrastructure assets." Twitter: @USCERT_gov
30. Protect against employee mishaps, mistakes, and misbehavior.
Since cloud-based email services became widespread in the '90s, just about every person and business uses them. Along with widespread adoption comes widespread vulnerabilities, which are usually created by the end-user. This article by Ntiva covers cloud security from user, data management, and service provider perspectives.
"Stolen login credentials, disgruntled employees, accidental deletions, insecure wi-fi connections and other employee mishaps are the reason that your cloud data is at risk." Twitter: @Ntiva
31. Get a solution that can scale quickly with your business.
Oracle is another one of the major players in the cloud computing space. This has given them access to huge amounts of data that they can use to optimize their security and make sure their users have the best experience possible. In this report, they go over the main threats, one of which is that most companies are behind.
The report explains, "Organizations are simply not ready to secure the rate at which the business has already adopted cloud services, creating a palpable cloud security readiness gap." Twitter: @Oracle
32. Consider a layered approach to security.
With the multitude of security threats, rarely can one solution cover all of them reliably. The consensus among cloud security professionals is that a multi-layered approach is often the best way secure your data in the cloud.
The team at PerformanceCloud says, " It's unlikely that any single piece of software, hardware, or one-dimensional service will effectively protect against cyberattacks. Rather, a multi-layered approach combining cloud-based solutions with skilled human resources provides the best protection." The article further explains, "Keeping your data safe requires forward-thinking approaches to cybersecurity. Learn how you can augment your existing on-premises infrastructure with security measures in the cloud for a more robust web security posture." Twitter: @TRIMM_PC
33. IT intersects with cloud security.
One of the reasons why many businesses have delayed their adoption of the cloud is the perceived lack of control over it. This is a very real concern; however, there are many similarities between traditional IT security and cloud security, so there are many approaches that translate to both fields.
This article by RedHat goes over the similarities and differences of each, noting, "The thing is that, for the most part, cloud security is IT security. And once you understand the specific differences, the word 'cloud' doesn't feel as insecure." Twitter: @RedHat
34. Understand the basic principles of security.
Cloud security is a relatively new field that is constantly evolving to keep up with the ever-increasing threats to data. This article by Salam Ismeel from Ryerson University goes over the basic principles and how to apply them.
Ismeel explains, "According to the official NIST definition, cloud computing is a model that allows ubiquitous, convenient, on-demand network access to a shared pool of computing resources such as networks, servers, storage, and applications, which can be provisioned rapidly with minimal management effort or service provider interaction. However, security concerns have always been associated with cloud adoption."
35. Look for ways to cut time and costs without compromising quality.
One of the main drivers of the SaaS (Software as a Service) business model is the speed at which it can be deployed. This is mostly enabled by the cloud; however, with speed also come certain risks that, if not managed properly, can backfire and hurt the business.
SecurityBoulevard.com compiled 7 best practices to make sure you can cut time and costs without sacrificing quality. From the article, "In a SaaS world, everyone wants to move fast! Rapid development can slash time to market and put you in a strong competitive position, and of course this is the way to operate as long as you're not sacrificing quality. But remember: There's bad fast as well as good fast." Twitter: @securityblvd
36. Stay up to date on the latest security challenges.
Implementing a cloud solution can be done with a few clicks and little to no knowledge of how the infrastructure works. This is one of the many reasons why it's grown so quickly over the last decade. However, it comes with some user-driven security challenges. SecurityBoulevard.com goes over the main security challenges for businesses in 2020 in this article.
"Distributed denial-of-service (DDoS) attacks are still a threat to organizations, as bad actors keep developing better offensive measures. Advanced persistent threats (APT) such as eavesdropping, malware or ransomware can take months to detect and several weeks to contain," the author writes. Twitter: @securityblvd
37. Plan ahead and implement best practices for cloud security.
This article, put together by SecurityIntelligence.com, is a checklist of what to do in a variety of situations and what conversations you can have with your cloud service provider to make sure you are adequately managing threats.
"Preparing for cloud security is no longer a luxury, but rather a standard procedure. First, you should consider and understand the three models of cloud computing: infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS) and software-as-a-service (SaaS)." Twitter: @IBMSecurity
38. Know where your data will reside and protect it well using documented processes.
Even though cloud security has some distinct differences with traditional IT security, they do have some common ground. SecurityIntelligence.com goes over some of these similarities in this interview with an IBM Program Security manager with over 15 years of experience in the field.
They say, "As organizations prepare for and design their path to the cloud, they absolutely have the opportunity to reimagine business processes and an imperative to protect and secure their data at each stage in the journey â€“ including the destination." Twitter: @IBMSecurity
39. You could need a complete security overhaul.
One of the biggest threats to cloud security is not created by direct attacks from hackers, but rather from a lack of focus on implementing timely security solutions.
According to an article by Software One, "While many organizations may believe a cloud environment can be deployed within their existing security infrastructure, this isn't the case. Cloud security requires a different set of policies and controls that needs to be aligned with the organization's information security policies." Twitter: @softwareone_ita
40. Your solution needs to be as advanced and on guard as attackers.
This report by Sophos goes over the biggest cloud security threats in 2020. They cover the state of ransomware attacks, malware, and automation enhanced active attacks and how they are being managed.
"Every year, criminals adapt to the best defenses from operators and vendors in the industry. At the same time, defenders must protect systems and processes with new functionality (read: attack surface area) constantly being introduced, and with an ever-increasing global interdependence on these systems' operation." Twitter: @Sophos
41. Watch your mobile devices for increasing threats.
It's nearly impossible for many companies to work efficiently without mobile devices. Unfortunately, these same tools are vulnerable to attacks. If your employees use their own phones for work purposes, it's even more dangerous.
According to a Sophos report, "In the past year, we've observed a growing variety and variability of the types of mobile attacks criminals use to target smartphone owners. The powerful, pocket-sized computers many of us carry around contain a wealth of personal and sensitive information that reveal much about our daily lives. But attackers need not steal that information to reap the financial rewards of an attack.
"Increasingly, we also rely on these devices to secure our most sensitive accounts, using two-factor authentication tied to either our SMS text messages, or to 'authenticator' apps on the mobile phones themselves. A number of 'SIMjacking' attacks in the past year have revealed attackers targeting the weak link between customers and their mobile phone providers using social engineering, which led to several high-profile thefts of both cryptocurrency and regular cash from wealthy individuals." Twitter: @Sophos
42. Understanding security principles and how you take action are different.
Cloud security and traditional IT security share the same principles; however, there are several instances where the application can be entirely different. This article by SumoLogic goes over some of the key differences and what IT professionals can do to adapt to the cloud's environment.
From the piece, "The principles of data protection are the same whether your data sits in a traditional on-prem data center or in a cloud environment. The way you apply those principles, however, are quite different when it comes to cloud security vs. traditional security. Moving data to the cloud introduces new attack-surfaces, threats, and challenges, so you need to approach security in a new way." Twitter: @SumoLogic
43. Understand features and properly manage controls.
The cloud offers a variety of ways in which it can keep customers' data secure. The biggest problem, however, comes from the user. Most cloud attacks are a result of user-created vulnerabilities.
In an article published at VentureTrend, TechBeacon says, "The reality is, misconfiguring your cloud security controls could very well leave the kind of gaps that cybercriminals are hoping for. In fact, Gartner predicts that by next year, 99% of all cloud security incidents will be the customer's fault due to device misconfigurations." Twitter: @TechBeaconCom
44. Errors and poor planning leave the door open for attacks.
The recent need for remote work has accelerated the adoption of cloud services. However, this urgency has created many instances in which user error and poor planning leaves the door open for attacks. TechHQ goes over the reasons why cloud security has become inadequate and how to fix it.
"The misconfigurations of cloud technologies across the full cloud-native stack are increasing the surface area for attacks and presenting opportunities for bad actors to target." Twitter: @techhq
45. Dispel myths with security facts.
One of the main reasons that many companies have refrained from adopting cloud services is the perceived lack of security. And this has generated a series of misconceptions about the reality of what cloud security really means. TechRepublic goes over these myths and brings clarity on what the real situation is all about, noting that cloud security was a top budget priority for companies moving into 2019 and that today, most organizations recognize the viability of the cloud for safely storing and managing data, applications, and infrastructure. Twitter: @TechRepublic
46. Make sure all solutions and vendors work well together.
Multi-cloud solutions are implementations that consist of using multiple service providers, for example AWS and Azure. This approach has multiple benefits, as it essentially lets you use the strengths of each cloud provider.
The challenge comes with regards to security, which this article from Tripwire addresses. "Getting all of those different entities to work well together takes a bit of careful effort. And properly security hardening such a diverse cloud network comes with its own challenges! Each vendor has its own policies and cybersecurity measures. But it is possible to deploy a reasonably secure and compliance-friendly multi-cloud network. Here are eight best practices that you must keep in mind." Twitter: @TripwireInc
47. Develop and use a framework to choose security providers.
Cloud service providers come in a variety of shapes and sizes. It's this variability that can make it difficult to identify the best CSP for you. According to ThreatStack, the need for a common framework when finding security providers is made clear. "The absence of a common framework for assessing Cloud Service Providers (CSPs), combined with the fact that no two CSPs are the same, complicates the process of selecting one that's right for your organization," they explain. Twitter: @threatstack
48. Evaluate features, solutions, and the provider themselves.
Just like there's a huge variety of cloud service providers, there are also several options when it comes to cloud security solutions.
As this post from ThreatStack explains, "Before choosing a cloud security solution, however, you need to take many considerations into account â€“ some that focus on the solution itself, and others that focus more squarely on the provider of the solution (because, ultimately, you can't separate the solution from the provider)." Twitter: @threatstack
49. Properly vet providers, finding a multi-layer solution.
There are many considerations when it comes to choosing the right cloud service provider. Chief among these is what security services they include with the service you are contracting. Making sure you understand if you will need to have multiple security services and how the costs stack up is critical to making an informed choice.
This article from Whoa gives a fantastic tip for vetting: "When looking for a secure solution for your needs on the cloud, it's important to thoroughly vet each cloud service provider that you consider.
"Security-conscious cloud service providers such as WHOA.com employ multi-layered security for their cloud environments, including:
- Data-at-Rest Encryption
- Perimeter and Internal Firewalls
- Secure Tier IV Data Centers
"These measures all help to improve security and compliance on the cloud by protecting your data from illicit access." Twitter: @WhoaCloud
50. Cloud security is too important to leave up to cloud providers.
With the increase in DDoS attacks, misconfiguration errors, account hijacking, and insider threats, relying on the cloud service providers' security suite is not enough. That's why many experts recommend that end users have their own security providers to cover all the bases. ZDnet.com explores the reason why you can't leave your security in the hands of the cloud provider exclusively, noting, "Cloud-based resources are highly complex and dynamic, making them challenging to configure. Traditional controls and change management approaches are not effective in the cloud." Twitter: @ZDNet