Cloud-security-tips-e1603911679385 5 Cloud Security Best Practices

What are the top 5 cloud security best practices?

Here’s a staggering fact: Each year, cybercrime rakes in more profits for criminals than the illegal drug trade and is predicted to cost the world $6 trillion by 2021. Given this, it shouldn’t be a surprise that cybersecurity attacks are becoming more common and more sophisticated (often targeting the financial assets of a business). So, we decided to sit down with an expert in the field, Michael Argast, CEO and Co-Founder of Kobalt Security Inc. Based on our discussion, we picked our top 5 cloud security best practices.

Read on or watch the full video of our discussion on-demand here


Best Practice #1: Design security for how you are adopting the cloud (IaaS vs PaaS)

If you’re moving to the cloud, the security questions you need to ask yourself will differ based on how you are adopting the cloud. A common mistake is assuming security is the same from one provider to another. For example, if you are using IaaS and moving workloads from a secure data center that provides a lot of security layers to a bare-bones MS or AWS environment where the security isn’t built-in. In the case of IaaS, the Cloud provider is responsible for the hardware and you are responsible for the rest, which includes building in the security layers. For PaaS, your responsibility is limited because you are only responsible for the code and there is more security built into the PaaS environment. It is important to look at your security architecture upfront. This allows you to see who (Cloud provider, your organization, third party) is responsible for what and map in controls for the gaps.


Best Practice #2: Migrate to the cloud quickly to avoid hybrid environments

Hybrid environments can make security more complex. Most organizations don’t have enough resources and expertise for both data centers and the cloud which can leave you at risk. If you are migrating to the cloud, you should do this as fast as possible and/or leave as little behind in the data center as possible. The longer you are in a hybrid environment, the longer you will have a skills gap. 


Best Practice #3: Use Microservices to address multiple entry points

Today’s applications need to talk to several other applications and are connected with multiple APIs. APIs create multiple entry points for attackers. Over the last few years, there has been a shift from a traditional monolithic architecture to microservices and serverless infrastructure. The benefit of using microservices is that it is decoupled from the rest of the system; which defines a smaller surface area of attack. Security can now happen on the API layer and not the network boundary layer.

Read more about securing modern APIs and microservices in this blog from Kobalt Security.


Best Practice #4: Use Proactive Security Methods 

While your response to attacks is vital, getting ahead of attackers and taking proactive steps can help minimize vulnerabilities. Some easy proactive security methods are: 

  • implementing multi-factor authentication, 
  • providing awareness training to educate your staff, 
  • using security monitoring to help identify intrusions, and
  • using penetration testing on your applications.


Best Practice #5: Focus on risks with the greatest impact and highest probability of attack

Security is a balancing act. You want to secure as much as you can but you don’t want to sacrifice your ability to be agile. Use a risk register to analyze the impact and the probability of breaches and attacks on your business. Knowing what will have a critical impact on your business is a good place to start. Taking a security program gap assessment can also help. It shows where you are strong and where you are weak; based on the risks your organization is most likely to face (e.g. data breach, ransomware). That way you know where you should be investing or if you are over-investing in a certain area.


Contact us to learn more about securing your cloud environment.

what-is-multifactor-authentication-1500x630 What is Multi-Factor Authentication and Why Should You Have it?

The Status Quo: Single Factor Authentication

You’re probably familiar with normal authentication by now. It’s made up of typically two things: your username and password. And if you know your username and password, you can get into a site, right? It’s a good basic first level of security. But if you happen to use that same username and password somewhere else, and that site gets compromised, it can be used to compromise other sites where you happen to use those same credentials. And if we’re being honest, those credentials can often be guessed again and again. So single-factor authentication has some limitations, and it’s easy for accounts to be hacked. The solution? Multi-factor authentication.

The Future: Multi-Factor Authentication

So what is multi-factor authentication (MFA)? It combines two or more different factors, typically something only you would know or have. Bank cards are a great analogy in this situation. If you think about your traditional bank card, you need your bank card as well as your pin. Having your bank card alone doesn’t get your cash out of the machine and neither does having your pin alone. You have to have the two of those things in combination. This combined layer of security adds a layer that makes it much harder to compromise. 

Authenticator Applications

There are two classic applications of MFA these days. In addition to your username and password, the site might send you a text message to your phone. This way you have to enter a code in order to authenticate. Although better than single factor authentication, it does have its weaknesses. It can be compromised by someone taking over your phone number or intercepting a message. This would be considered the weaker form of MFA. The stronger of the two would be an authenticator application that runs on your phone and generates codes on a regular basis. This way you have to know your username and password, but also must have access to the exact device at the time of login. 

Why Should You Use Multi-Factor Authentication?

MFA is the best thing that individual users can do to protect themselves. Google and Microsoft have both independently done studies on the effectiveness of adding MFA to protect your accounts. Their findings? It increases the effectiveness of your security by over 99%. In simpler words, it reduces the likelihood of a successful attack to less than 1% of what it would otherwise be. In security, we’re a big believer there’s no such thing as a silver bullet, but multi-factor authentication is as close as it comes. And it’s effectively zero cost for the sites that support it. 

Watch the video from our webinar about Cloud Security Best Practices to learn more about MFA and other ways to stay safe from cybersecurity threats. 

Portfolio Items


Nothing Found

Sorry, no posts matched your criteria