Cloud Security: A Primer

More data than ever is being offloaded into cloud data platforms, and organizations are more comfortable than ever with uploading sensitive data into the cloud. However, even with the strong security capabilities, many cloud providers offer, it is still prudent for organizations to be aware of the risks that come with cloud-based platforms and to properly manage cloud security.

What is cloud security?

Cloud security encompasses the security, compliance, and governance procedures that prevent system failures, unauthorized access, and other threats to cloud databases. Organizations must make a choice between a self-managed cloud platform and a cloud platform managed by a cloud data provider. For most organizations, a managed database service will be the optimal route. A managed database comes with a set of security requirements the provider assumes responsibility for, such as the safeguarding of key infrastructure, patching, configuration, and access to storage. There are also security requirements that fall onto the customer’s side, such as managing access privileges, preventing unauthorized access, compliance, and encryption of cloud-based assets.

Why is securing cloud databases so important?

Cloud database security is important because as more data is moved onto cloud platforms, there is an increased risk from this data’s exposure and heavier consequences. An Oracle and KPMG’s 2020 study of cloud threats found that 71% of respondents said they use public-cloud databases to store sensitive data, up from 50% the previous year. Considering the rapid increase in cloud data usage in 2020 and 2021, propelled even further ahead by the coronavirus pandemic, it is not unreasonable to believe that figure is closer to 90% in 2022. If a growing amount of the world’s data is stored on these platforms, it makes sense that there should be heightened importance by both the provider and the customer towards security, compliance, and governance.

How is securing cloud data different from data held on-premises?

As we discussed previously, with cloud data, there is an agreement in responsibilities between the cloud provider and the customer. For on-premises, there is no such agreement unless the customer uses a third-party security firm. That means that the organization is wholly responsible for all of the hardware, software, policies, regulations, and licenses, which provides them with far more control than a managed cloud database, but is also a great deal more expensive to operate. This is why the majority of businesses that have yet to make a move to the cloud are mid-to-large organizations, which are able to take the hit in database costs to ensure full control of security. In the cloud, hardware and software upgrades are handled by the provider, which will distribute patches that fix security issues and provide policy and regulation guidelines. The customer must still have a sound mitigation and security strategy. However, security from cloud platforms will not cover all of the potential risks that an individual company may be exposed to. For that reason, it is still advisable for a business using the cloud to define standards, and compliance policies, run vulnerability assessments to ensure they meet regulatory compliance requirements and use data analytics to mitigate vulnerabilities and misconfigurations while also identifying systems with the most exposure to bad actors or negligence.

What security benefits do cloud data platforms offer?

• Scalability – Cloud data platforms have far more resources, which can be adjusted to meet the demands of an application even at times of abnormal usage. As cloud data platforms use a pay-as-you-go model, resources can also be reduced in times of less usage, saving on costs.
• DDoS protection – If an application or website faces a DDoS attack, cloud platforms are able to detect and react to this and disperse large amounts of traffic through the network. This prevents the app or website from going offline, even during the attack.
• Proactive threat management – Cloud data platforms have spent decades improving their security practices and hiring some of the smartest security architects. The platform should provide visibility, tracking, and other tools to enable proper threat management response.
• 24/7 monitoring – Cloud data platforms deploy artificial intelligence and machine learning to monitor application traffic and endpoint security. Customers can implement automated rules, which can prevent attacks even when there isn’t a human available to make a decision.
• Compliance – As a lot of these cloud data platforms are large, international service providers, they are subject to a large number of compliance considerations. Using the cloud platform is a way for businesses to ensure that they are meeting compliance regulations regarding personal and financial information.
• Availability and support – Customers have access to 24/7/365 support from cloud data operators, which includes real-time solutions to app or website disruption and advice when first moving over to the platform. 

What are some best practices to consider?

Even though the cloud data platform can provide a lot of the security to prevent cyberattacks, misconfiguration, network errors, and other threats, it is worth every business using cloud databases to have a set of best practices that are followed.

• Enhanced endpoint security – Securing endpoints is a critical requirement to avoid interception and attacks. By enhancing endpoint security on laptops, mobile phones, and IoT devices, organizations can avoid letting bad actors onto the network without them knowing.
• Tightly controlled access  – Organizations should provide employees with access to only the data they need and not carte blanche access to the entire network. The creation of well-established groups or clusters can help prevent users from accumulating too many access privileges.
• Usage policies – Establishing usage policies through the use of employee monitoring tools can help better identify suspicious behavior on the network.
• Encryption – Implementation of end-to-end encryption can help some organizations better protect sensitive data that may need to be passed around the network.
• Strong passwords (or elimination of passwords) – A solid practice for all organizations, and while it may sound simple, there are a lot of personal attacks that still begin with an attacker cracking a simple password.

A look to the future

Cloud data platforms are continuously improving their security and encryption systems to ensure that all customer data on the network is secure. While some large-scale organizations remain worried about the potential for loss of data on public cloud platforms, experts believe this is more due to the increased social media commotion which happens after a public cloud operator is attacked or goes offline. In truth, the resources that cloud data platforms can put behind their servers make them far more secure than most on-premises solutions, and that is only going to become clearer in the future.

Follow CDInsights’ coverage of cloud security.