Security is always a major focus for any cloud deployment. With the consequences for failing in this area higher than ever - both financially and reputationally - making this a top priority is an essential part of any company's IT strategy.
While SaaS solutions are often at the heart of these efforts, as they’ll be the tools handling firms' most sensitive and confidential data, it's also vital that the underlying infrastructure isn’t overlooked.
Indeed, IaaS tools are increasingly important to many business' cloud environments. They provide virtualized computing resources, networking and storage services at a low upfront cost with high agility and scalability, making them an ideal fit for many firms in the current fast-evolving business landscape.
The growing need to secure IaaS services
IaaS systems may become a more tempting target for criminals as they play increasingly prominent roles in many businesses. According to Gartner, this is the fastest-growing form of cloud computing, with the sector seeing a 37.3% increase in investment in 2019 to reach a value of $44.5 billion.
Demand for such services is also likely to have been boosted by the events of 2020. Sid Nag, research vice-president at Gartner, observed that many firms were forced into adopting public cloud services as a result of the COVID-19 pandemic and are unlikely to return to on-premises alternatives now they have experienced the benefits. He said:
This is likely to mean many more opportunities for hackers to exploit, especially as companies unfamiliar with the security requirements of the services come to the technology for the first time. Therefore, having a comprehensive plan for securing these tools is a must.
4 areas to focus your IaaS security efforts
To secure your IaaS infrastructure, there are a range of areas that must be addressed, including cutting out common mistakes and taking a granular approach to who is allowed to access services. Here are a few best practices to keep in mind.
1. Encrypt your data
Any time data is moved between cloud environments, or from cloud to on-premises services or vice-versa, it could be vulnerable to interception or other unauthorized access. Therefore, tough encryption is vital, so even if data theft does occur, the information will be useless. Yet this is often something businesses fail to do. According to Palo Alto Networks, 43% of cloud databases are unencrypted.
There are a range of solutions for encrypting data that use IaaS systems. It can be done on-premises or in the cloud itself, using either the firm's own keys or those offered by IaaS providers. It's also essential that data is encrypted both at rest and when in transit.
2. Crack down on configuration errors
Misconfigured IaaS systems are one of the main causes of vulnerabilities. It’s estimated that the average organization has at least 14 misconfigured IaaS instances running at any given time, which means an average of 2,269 misconfiguration incidents per month - any one of which could provide an opportunity for an attacker.
This could involve anything from failing to change default passwords to leaving storage services accessible from the open internet. Many users coming to IaaS for the first time may believe the responsibility for configuring services correctly lies with the provider, but this isn’t the case. It's actually up to the end-user to look after this, so it's vital they have the right tools to spot any misconfigurations or other errors.
3. Use advanced permissions and authentication
An especially common error for cloud users is a failure to manage permissions correctly, which often leads to users having far more open access than their role requires. This can be easily exploited by attackers using techniques such as spear-phishing to steal credentials, or even by malicious insiders.
Prevent this with an advanced permissions strategy that relies on the principle of least privilege. This essentially means ensuring that users have enough access to perform their roles, and no more. At the same time, it's vital to remove permissions from inactive accounts quickly.
This should also be paired with strong authentication measures to ensure users taking advantage of their access are who they claim to be. Enabling two-factor authentication should be a minimum requirement for this.
4. Tackle shadow services
Shadow IT is often associated with SaaS services such as consumer cloud tools that can be easily provisioned by individual departments or individuals without the IT team's knowledge. But it can also apply to IaaS services, so this is something cloud professionals must look out for.
This may often happen when developers need to complete a task quickly and find third-party tools that can help do the job. Conducting a full audit of your cloud infrastructure is essential in identifying any services that haven’t been approved and certified as secure. This may be made easier with the use of a cloud access security broker that can monitor activity and highlight the use of unauthorized services.
Further Reading
Access the latest business knowledge in IT
Get Access
Comments
Join the conversation...