You’re in the Public Cloud, Now What?

by Nick Mancini

Many firms are in the midst of developing a Public Cloud strategy in an effort to reduce costs, gain productivity, and improve the security of their infrastructure. We're seeing DR-as-a-Service and Office 365 as the most popular initial projects, given their ease of adoption for users and their outsized impact on productivity, security and cost savings. But don't be fooled: ease of adoption and a quick initial setup don't mean you're secure by default…

The functionality and depth of features the public cloud offers to meet the varied needs of firms also bring complexity. It's important to know the correct ways to configure and allow access through the many layers of protection, because one wrong edit can open holes in your environment that you're unaware of. Here are some guidelines for getting it right.

Ongoing Administration

  1. You need a managed SIEM to collect logs from your cloud platform and from any SaaS such as Office 365, Box or Salesforce. Without the correct tools and a team watching and responding to events, there's no way to respond in a timely manner, regardless of your firm's size.
  2. Regular configuration reviews of your systems and SaaS applications are important to catch any unapproved or unintended changes to the security of your data. Catching these sooner rather than later significantly reduces the risk of a breach.
  3. Review privileged access lists to identify any new or unapproved users added to your account.
  4. Anomalous activity logs need to be checked at least for unusual travel or permission changes, although we really recommend real-time alerting.
  5. Admin activity logs should be reviewed against any approved change controls, flagging any admin changes without a request.
  6. Review system settings regularly to see what has changed, as most providers now push frequent system updates or deploy new features to improve security.
  7. Confirm password resets are happening on your firm's defined schedule for all user and system accounts.
  8. Perform regular reviews of external vulnerability scans, ensuring the IPs included in the scan match what is available on the account.
  9. Monitor your inventory and system utilization for accuracy and correct sizing. Validate that any devices added or expanded over time are approved.
  10. Find ways to improve your ingress/egress security to prevent unwanted threats from gaining access to your data. Regular capture-the-flag exercises with a capable security company are highly recommended.
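Items 3, 4 and 5 above are the ones a SIEM rule set can automate rather than leave to a periodic manual read-through. The script below is an added example, not code from the original post or from any SIEM vendor: it runs three of those checks over a handful of constructed, Office-365-style audit events (new privileged-role assignments, impossible-travel sign-ins, and admin changes that reference no approved change ticket). The field names, role names, operation names and the change-ticket register are all assumptions standing in for whatever your own export produces.

```python
"""Added example (not from the original post): three SIEM-style checks run
over constructed audit events. Field and operation names are assumptions
standing in for a generic Office 365 / SIEM export."""
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

PRIVILEGED_ROLES = {"Global Administrator", "Exchange Administrator"}      # assumed names
ADMIN_OPERATIONS = {"Add member to role.", "Set-TransportRule", "Set-Mailbox"}  # assumed
MAX_TRAVEL_SPEED_KMH = 900.0  # above airliner cruise speed: treat as impossible travel

# Constructed sample events (not real log data), flattened as a SIEM export might be.
SAMPLE_EVENTS = [
    {"time": "2024-03-01T08:00:00", "op": "UserLoggedIn", "user": "alice@example.com",
     "lat": 40.71, "lon": -74.00},                                   # New York
    {"time": "2024-03-01T09:30:00", "op": "UserLoggedIn", "user": "alice@example.com",
     "lat": 51.51, "lon": -0.13},                                    # London, 90 min later
    {"time": "2024-03-01T10:00:00", "op": "UserLoggedIn", "user": "bob@example.com",
     "lat": 40.71, "lon": -74.00},
    {"time": "2024-03-01T10:05:00", "op": "Add member to role.", "actor": "bob@example.com",
     "user": "mallory@example.com", "role": "Global Administrator"},  # no ticket
    {"time": "2024-03-01T10:20:00", "op": "Set-TransportRule", "actor": "bob@example.com",
     "ticket": "CHG-1042"},                                          # approved change
    {"time": "2024-03-01T11:00:00", "op": "Set-TransportRule", "actor": "bob@example.com"},
]
APPROVED_CHANGE_TICKETS = {"CHG-1042"}  # constructed change-control register


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def _ts(event):
    return datetime.fromisoformat(event["time"])


def find_privileged_role_grants(events):
    """Item 3: every assignment of a privileged role is surfaced for review."""
    return [(e["actor"], e["user"], e["role"]) for e in events
            if e.get("op") == "Add member to role." and e.get("role") in PRIVILEGED_ROLES]


def find_impossible_travel(events, max_speed_kmh=MAX_TRAVEL_SPEED_KMH):
    """Item 4: consecutive sign-ins by one user that would require travelling
    faster than max_speed_kmh between the two recorded locations."""
    findings = []
    logins = sorted((e for e in events if e.get("op") == "UserLoggedIn"),
                    key=lambda e: (e["user"], _ts(e)))
    for prev, cur in zip(logins, logins[1:]):
        if prev["user"] != cur["user"]:
            continue
        hours = (_ts(cur) - _ts(prev)).total_seconds() / 3600
        dist = haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
        # Same-second sign-ins from two places count as impossible too.
        if (hours == 0 and dist > 0) or (hours > 0 and dist / hours > max_speed_kmh):
            findings.append((cur["user"], prev["time"], cur["time"], round(dist)))
    return findings


def find_unapproved_admin_changes(events, approved_tickets=APPROVED_CHANGE_TICKETS):
    """Item 5: admin operations that do not reference an approved change ticket."""
    return [(e["actor"], e["op"], e["time"]) for e in events
            if e.get("op") in ADMIN_OPERATIONS and e.get("ticket") not in approved_tickets]


def run_checks(events=SAMPLE_EVENTS):
    """Run all three checks and return the findings keyed by check name."""
    return {
        "privileged_role_grants": find_privileged_role_grants(events),
        "impossible_travel": find_impossible_travel(events),
        "unapproved_admin_changes": find_unapproved_admin_changes(events),
    }


if __name__ == "__main__":
    for check, hits in run_checks().items():
        print(f"{check}: {len(hits)} finding(s)")
        for hit in hits:
            print("   ", hit)
```

On the sample data the script flags Mallory's Global Administrator grant, Alice's New York to London sign-ins ninety minutes apart (roughly 5,570 km, far beyond the 900 km/h threshold), and two of Bob's three admin operations: the role grant and the second transport-rule edit, neither of which carries an approved ticket. The same three functions are what you would wire into a SIEM as correlation rules so that the review in items 3 to 5 happens in near real time rather than at the next scheduled read-through.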

Overwhelmed?  We’ve got you covered.

With the growing number of systems and platforms meant to improve security, flexibility, and collaboration, administrators have more systems to maintain and monitor than ever. Using an archaic strategy that manages each system independently is foolish. I can't stress enough how imperative it now is for firms to have a SIEM to aggregate these logs and apply specific rules, and to use machine learning to help filter through the noise. Your SIEM, along with a healthy governance program, can help identify gaps in configurations and improve your security before the bad guys have a chance to get in.