Managers are not prepared. They are not following the proper rules of engagement. This is especially true when dealing with the constant evolution of mobile device management (MDM) and enterprise mobility management (EMM).
Managers need to know the stumbling blocks. Hybrid clouds are a cost-efficient solution that can maximize an organization’s internal assets with unlimited scalability in the public cloud. Learn the 17 security threats and how to fix them.
Here are 17 hybrid cloud security threats you should avoid and how to fix them:
1 Lack of encryption
2 Inadequate Security Risk Assessment
3 Poor Compliance
4 Weak Security Management
5 Poor Data Redundancy
6 Failure to Authenticate and Identify
7 Unprotected APIs
8 Denial-of-Service (DoS) Attacks
9 Distributed Denial of Service (DDoS) attacks
10 Poor IP protection
11 Lack of Data Ownership
12 Failure to Communicate with Cloud Provider
13 Poorly Defined SLAs
14 Data leakage
15 Poorly-Defined Management Strategies
16 Badly constructed cross-platform tools
17 Disgruntled or Malicious Employees
Lack of encryption
- Shield transmissions from random attacks with cryptographic protocols that include endpoint authentication.
- Employ a reliable VPN.
- Use a reliable proxy server
- Encrypt all transmissions using SSL/TLS to manage server authentication and prevent interception of data off the wire
- Use Secure Shell (SSH) tunnels to carry otherwise unencrypted traffic across the network inside an encrypted channel.
Inadequate Security Risk Assessment
- Rigorous risk prevention and assessment must be in place - at all times.
- IDS/IPS systems should always scan for any malicious traffic.
- Log monitoring must be activated and software updates current.
- A holistic approach is the best way to handle network organization security using a reliable SIEM system. This way all enterprise security data can be viewed and easily trended.
Poor Compliance
- The two clouds must be coordinated. You not only have to ensure that your public cloud provider and private cloud are in compliance, but also demonstrate the compliance of the two clouds as they work together.
- The two clouds must meet industry standards for data security when handling sensitive data.
Weak Security Management
- Replicate controls for both clouds.
- Synchronize security data or use an identity management service that works with systems you run in either cloud.
- Maintain in-house data storage for sensitive data not appropriate for the public cloud.
Poor Data Redundancy
Implement redundancy. This can be accomplished three ways:
- By utilizing multiple data centers from one cloud provider
- From many public cloud providers
- From a hybrid cloud
Failure to Authenticate and Identify
- Be diligent.
- Monitor and verify all access permissions.
- Synchronize data security by using an IP Multimedia Core Network Subsystem (IMS).
Unprotected APIs
- API keys must be handled in the same manner as encryption and code-signing keys.
- Third-party developers must be sure to handle keys securely.
- Always verify a third-party before releasing API keys to avoid a security breach.
Denial-of-Service (DoS) Attacks
Denial of Service attacks on cloud management APIs are often caused by sending bad SOAP or REST requests from the enterprise.
- Flow analytics can fend off DoS attacks by reacting to the incursion and redirecting traffic to a mitigation device.
- Keep in mind, the flow analytics tool must be scalable for the amount of traffic it gathers and analyzes. Because it is a slower method, it is not as effective in combating volumetric (DDoS) attacks.
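A minimal sketch of the flow-analytics idea above, added here as an example and not taken from the original article: it keeps a per-source sliding window over flow records for a management API and returns the sources whose traffic should be redirected to a mitigation device. The record layout, thresholds and addresses are constructed assumptions, and the redirect itself is left to the caller.

```python
from collections import defaultdict, deque

# Constructed sample flow records: (timestamp_seconds, source_ip, http_status).
# Addresses come from the documentation ranges.
SAMPLE_FLOWS = (
    [(t, "192.0.2.10", 200) for t in range(0, 60, 10)]       # normal client
    + [(t / 2, "198.51.100.7", 400) for t in range(40)]      # burst of bad requests
    + [(5, "203.0.113.4", 400), (30, "203.0.113.4", 200)]    # one honest mistake
)

WINDOW_SECONDS = 10     # assumed sliding-window length
MAX_REQUESTS = 15       # assumed ceiling for requests per source per window
MAX_BAD_REQUESTS = 5    # assumed ceiling for 4xx (malformed) requests per window


def detect_redirects(flows, window=WINDOW_SECONDS,
                     max_requests=MAX_REQUESTS, max_bad=MAX_BAD_REQUESTS):
    """Return {source_ip: (trigger_time, reason)} for sources to redirect."""
    recent = defaultdict(deque)    # source -> (timestamp, is_bad) records in window
    bad_count = defaultdict(int)   # source -> malformed requests in window
    redirects = {}
    for ts, src, status in sorted(flows):
        if src in redirects:
            continue               # already handed to the mitigation device
        is_bad = 400 <= status < 500
        queue = recent[src]
        queue.append((ts, is_bad))
        bad_count[src] += is_bad
        # Expire records that have fallen out of the window.
        while queue and queue[0][0] <= ts - window:
            _, old_bad = queue.popleft()
            bad_count[src] -= old_bad
        if bad_count[src] > max_bad:
            redirects[src] = (ts, "malformed-request rate")
        elif len(queue) > max_requests:
            redirects[src] = (ts, "request rate")
    return redirects


if __name__ == "__main__":
    for src, (ts, reason) in detect_redirects(SAMPLE_FLOWS).items():
        print(f"redirect {src} at t={ts}s: {reason}")
```

Because every record is examined after it is collected, the scalability caveat in the bullet above applies to this approach as well.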
Distributed Denial of Service (DDoS) attacks
Fending off a DDoS attack requires robust in-path deployment of a DDoS mitigation device that continuously processes all incoming and outgoing traffic. The device must be able to act immediately and scale and perform when there are multi-vector attacks.
Poor IP protection
- Completely automated systems are inadequate in classifying IP and quantifying risk. These tasks must be done manually. Risks associated with IP can only be identified once that data is classified.
- Know the source of your threats. Develop a detailed threat model and follow it.
- Create a permission matrix.
- Harden all open source components to prevent incursions.
- Conduct extensive third-party audits.
- Make sure your network infrastructure is secure.
Lack of Data Ownership
- Data ownership and security must be verified. Avoid vendors who cannot provide reasonable ownership expectations.
- Get everything defined from the vendor in a well-constructed Service Level Agreement (SLA) that covers a hybrid IT enterprise. Know exactly who has access to data, what the provider does with access logs/statistics, and the jurisdiction/geographic location of all stored data.
Failure to Communicate with Cloud Provider
- When it comes to security, a customer must let the cloud provider know exactly what security requirements are needed. This eliminates surprises and disasters. The CSA Security, Trust and Assurance Registry details security controls each cloud provider offers in the marketplace. Use it as a reference.
- Ask detailed questions. Call someone else if a service provider cannot provide detailed answers on how they define and protect multi-tenant boundaries, ensure FISMA, PCI compliance and auditing.
Poorly Defined SLAs
- Access permissions and protections must be clarified and security measures well-defined in the service level agreement (SLA). The same applies to expectations and requirements of the cloud service provider.
- Reasonable expectations of service must be clearly detailed in the Service Level Agreement so the customer has recourse if service is disrupted or data is compromised.
- Before signing any agreement, have it reviewed by an attorney.
Data leakage
- Never assume the provider has data leakage covered unless it is in writing. Data loss prevention is key. Cover all bases. Read the fine print.
- Since the enterprise customer owns customer data, security is the customer’s responsibility.
- Security measures must be able to counter infrastructure malfunctions, security breaches, and software errors.
Poorly-Defined Management Strategies
- Management tools and strategies must be consistent for computing, networking, and storing resources over multiple domains. It is a hybrid cloud administrator’s job to make sure this template is in place.
- Cloud management policies should define rules governing configuration and installation; access control for sensitive data/restricted applications as well as budget management and reporting.
- Know exactly what cross-platform tools will be used to manage a hybrid cloud.
- Strictly define access controls, user management, and encryption for the best security.
- Prepare access control policies that define how sensitive data or restricted applications are accessed in both the public and private clouds.
- Use configuration management tools in resource provisioning to reduce misconfiguration errors and automate image-build processes.
Badly constructed cross-platform tools
Define whether specialized tools or a suite of tools are adequate to manage your enterprise. What is needed to do the job? Determine if you require:
- Cloud application migration tools for interoperability and moving apps between private and public clouds. Be sure to have cloud monitoring tools that accommodate a virtualized environment.
- Cloud automation tools to maintain access and security needed for dynamic cloud provisioning and VM movement.
Disgruntled or Malicious Employees
- Your Content Security Policy (CSP) managers must have comprehensive security measures that can track employee network activities to avoid this kind of malicious fallout.
- Create an insider threat program with clearly defined strategies.
- Never trust - Always verify. Stop every unauthorized access attempt.
- Implement a strong password security policy.
- Limit access to your organization’s critical assets.
- Develop immediate response protocols that detect and react to any suspicious or malicious network activity. This should include immediate log off, remote locking or session resets.