Slideshow

In Pictures: Seven best practices for Cloud security

8 Photos Ryan Francis (CSO (US))

Learn how to protect yourself in the Cloud from the next vulnerability and/or wide scale attack.

  • Safety tips in the cloud Using cloud technologies in your organization comes with plenty of benefits - as well as many risks. Here are seven steps for securing data in the cloud from Alertlogic.

  • Secure your code Securing code is 100% your responsibility, and hackers are continually looking for ways to compromise your applications. Code that has not been thoroughly tested and secure makes it all the more easy for them to do harm. Make sure that security is part of your software development lifecycle: testing your libraries, scanning plugins etc.

  • Create an access management policy Logins are the keys to your kingdom. Make sure you have a solid access management policy in place, especially concerning those who are granted access on a temporary basis. Integration of all applications and cloud environments into your corporate AD or LDAP centralized authentication model will help with this process as will two-factor authentication.

  • Adopt a patch management approach Unpatched software and systems can lead to major issues; keep your environment secure by outlining a process where you update your systems on a regular basis. Consider developing a checking of important procedures, test all updates to confirm that they do not damage or create vulnerabilities before implementation into your live environment.

  • Log management Log reviews should be an essential component of your organizations security protocols. Logs are now useful for far more than compliance, they become a powerful security tool. You can use log data to monitor for malicious activity and forensic investigation.

  • Build a security toolkit No single piece of software is going to handle all of your security needs. You have to implement a defense-indepth strategy that covers all your responsibilities in the stack. Implement IP tables, web application firewalls, antivirus, intrusion detection, encryption and log management.

  • Stay informed Stay informed of the latest vulnerabilities that may affect you, the internet is a wealth of information. Use it to your advantage, search for the breaches and exploits that are happening in your industry.

  • Understand your cloud service provider security model Finally, get to know your provider and understand where the lines are drawn, and plan accordingly. Cyber attacks are going to happen; vulnerabilities and exploits are going to be identified.

Show Comments
Security Watch
Back to top

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?