So, you are thinking of moving to the public cloud, or have already made the move. While there are many benefits (we will not list them) to moving to the public cloud, proceed with caution. The biggest threat to cloud security does not come in the form of bots, zombie networks or hackers; it is cloud misconfiguration. Research shows that more than 70% of companies have at least one major misconfiguration in their cloud environment, which impacts security and may leave them exposed to more risk. That means 7 out of 10 firms just made it a little easier for threat actors to potentially breach sensitive data.
Recommendations
If you are exploring the cloud, become familiar with all the tools available to you before moving applications and data to it. If you are already in the cloud, perform a holistic assessment of your environment. Whether you are in the cloud or not, consider these recommendations.
- Develop a full inventory of resources (e.g. virtual servers, security groups, storage, databases, containers, VPN configurations, etc.)
- For Office 365, gather users, groups, compliance rules, mobile device management rules, conditional access policies, etc.
- Ensure your cloud resource configurations are doing exactly what you expect them to do, and no more.
- Remove stale or test configurations that no longer serve a purpose.
- Document changes as you make them. Some of the solutions offer change management tracking (https://aws.amazon.com/config/).
- If you are using Microsoft Azure (Office 365 and Azure can operate independently of each other), leverage the Secure Score: https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/overview-secure-score
- Do not just rely on Secure Score because not everything is scored. You want to ensure you assess everything you use the cloud for.
- If you are using Amazon AWS, consider using the Security Hub (https://aws.amazon.com/security-hub/) and AWS Config (https://aws.amazon.com/config/).
- If you are using Google Cloud Platform, leverage the Security Command Center: https://cloud.google.com/security-command-center/
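
The inventory, "exactly what you expect, and no more" and stale-configuration recommendations above can be combined into one check. The following is an added example, not from the original article: it audits a constructed inventory in the shape of `aws ec2 describe-security-groups` output against a baseline. The group IDs, the `EXPECTED` baseline and the `IN_USE` set are hypothetical sample values.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
INVENTORY = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0aaa", "GroupName": "web", "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
     {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
  {"GroupId": "sg-0bbb", "GroupName": "db-test", "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
      "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]}
]}
""")

# Hypothetical baseline: the ingress rules each documented group should have.
EXPECTED = {"web": {("tcp", 443, 443, "0.0.0.0/0")}}
# Hypothetical: IDs of groups still attached to a network interface.
IN_USE = {"sg-0aaa"}

def rules(group):
    """Flatten a group's ingress permissions into comparable tuples."""
    out = set()
    for perm in group.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            out.add((perm["IpProtocol"], perm.get("FromPort"),
                     perm.get("ToPort"), cidr))
    return out

def audit(inventory, expected, in_use):
    """Return (group_id, finding, rule) for anything beyond the baseline."""
    findings = []
    for g in inventory["SecurityGroups"]:
        gid, name = g["GroupId"], g["GroupName"]
        if name not in expected:          # not in the documented inventory
            findings.append((gid, "undocumented", None))
        for rule in sorted(rules(g) - expected.get(name, set()), key=str):
            findings.append((gid, "unexpected-rule", rule))  # the "no more" check
        if gid not in in_use:             # candidate stale or test configuration
            findings.append((gid, "stale", None))
    return findings

if __name__ == "__main__":
    for finding in audit(INVENTORY, EXPECTED, IN_USE):
        print(finding)
```

On the sample data this reports the undocumented SSH rule open to `0.0.0.0/0` on the `web` group and flags `db-test` as undocumented and unattached.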