The beauty of cloud-based resources is that they lift significant strain off IT teams. For example, on-premises servers are replaced with out-of-sight, out-of mind hardware that is fully managed and maintained by a third-party vendor. Even network security on the virtual layer for IaaS deployments is handled by the provider.
That said, by no means does cloud security happen autonomously. As with legacy IT infrastructure, every endpoint connected to the cloud is a window, and if that window is improperly maintained and guarded, intruders will get inside.
To keep that from happening, you should be aware of the following security practices, especially while using cloud-based resources.
1. Use Strong Password Protection
Password protection is typically the only barrier between a hacker and complete access to cloud-based accounts, and this is information that can all too easily be stolen through a phishing email. Hackers will pose as a cloud vendor (for instance, Google) claiming that a user’s password has been compromised. That user may then be directed to a fake password reset page, through which he or she willingly hands over credentials.
To prevent this, employees must be directed to forward all emails of such nature to the IT department. As for preventing brute force attacks and accidental credential theft, consider deploying a password manager that enforces password policies. Ideally, IT would require that all passwords use an original combination of eight to 10 characters with at least one number and a special character.
2. Deploy User Account Control
The ability to granularly control user accounts is vital for ensuring that only certain users have access to certain sets of information. One-dimensional access controls (anyone with a password can access any application or drive) is horribly inadequate. Departments should only have access to information that they actually need, regardless of whether that information is stored on-premises, in the cloud or even in a file cabinet, for that matter.
UAC makes it easier to create and enforce strict controls.
Make sure your that your user account control feature can enforce policies dictating data access.
3. Layered Endpoint Security
Even if a cloud provider promises that their network is 100 percent secure, the simple truth is there’s no such thing. Every endpoint that connects to the network or service is an attack vector. If, for instance, a computer becomes infected with a keylogger, a hacker can easily record login credentials, and just like that, cloud data is compromised.
Don’t forget about layered endpoint security, including bi-directional firewall and active protection. If cyberattackers can penetrate or access a single endpoint, they can worm their way into the network (especially in private cloud environments).
4. Visibility and Control with the Right Tools
User access control, as an offshoot of computer management, is not enough by itself. Organizations need optimum visibility and comprehensive control over their computer environment, including:
- A single management dashboard with the ability to update operating systems and all other software installed on endpoints.
- Application control that prohibits unauthorized executables from running on systems.
- An easy way to re-instate IT configurations on critical endpoints in the event of an incident – could be accidental changes by users, or worse, a malware intrusion.
Contact Faronics today, to know how the Deep Freeze Cloud platform can help you get the optimum visibility and control, to simplify your organisation’s IT operations.