
Four Parameters of Cloud Infrastructure Security

 
May 28, 2019

Cloud computing has transformed every business across the globe, regardless of size or industry type. From basic productivity tools to massive databases and enterprise-grade applications, the entire enterprise infrastructure is now moving to the cloud. This isn’t surprising given that cloud infrastructure is highly scalable, offers extended portability and modularity for app development, and involves low hosting costs. However, infrastructure security in cloud computing becomes an issue due to the hyper-connected nature of the cloud.

Security measures defined for the on-premise era no longer apply – one could even argue that cloud infrastructure introduces more vulnerabilities for enterprises, opening new touchpoints for hackers to target. As many as 38% of executives in TCS’ Business 4.0 Global Study reported that data security risk was preventing the adoption of digital technologies. However, according to a Gartner study, 80% of all data leaks occurring in the cloud are due to incorrect configuration, account and access management, and other such IT gaps rather than cloud-introduced vulnerabilities.

To avoid such scenarios, enterprises must make security their number one priority when implementing cloud infrastructure. In this regard, four parameters strongly influence the cloud security strategy of an enterprise.

Parameters of Cloud Security Strategies

Network Security Control: The network has always been the backbone of enterprise infrastructure, be it on-premise or in the cloud. At the outset, it is critical to map requirements (in line with legal and regulatory norms) by assessing the current state of network security and the proposed integrations. In virtual environments, orchestrating the set-up, segregating data, proactively protecting assets, and fortifying cloud infrastructure against external attacks are recommended. The cloud provider will deploy a set of default configurations, which must then be aligned to the specific security requirements of the enterprise, either by an internal IT team or by an expert and trusted partner organization.

Persona and Access Management: Cloud infrastructure combined with IoT can help enterprises reach new levels of productivity and innovation. However, this means that data will be accessed from different devices, requiring different encryption mechanisms within and outside the enterprise. Hence, IAM (identity and access management) plays a big part in limiting access according to individual persona, virtual machine role, and need to know. Analyzing existing cyber security controls, as well as other app security controls for data privacy and protection, is crucial when deciding on the IAM approach. Also, IAM features are unique to each public cloud infrastructure, and require an expert partner with a mastery of various public cloud infrastructures to customize these for the specific access needs of an enterprise.

Endpoint Security: The weakest link for any enterprise is often the endpoint. Cloud infrastructure allows a virtually infinite number of devices and interfaces to connect to a network. Every device will have to be configured according to organizational security policies, with specific guidelines for IoT and BYOD. Therefore, the targets of security architecture need to be astutely planned, covering IAM integration with different endpoints, followed by security testing to reduce the number of threats. Other measures include regular VAPTs (vulnerability assessment and penetration tests) and threat intelligence tools such as IllusionBLACK, which activates a decoy whenever an attacker is detected.

Governance and Risk Assessment (GRC): After the completion of the cloud security planning and design stage, the environment should be stabilized. Here, implementations must be reviewed even as security controls are continually monitored. Continuous observation of cloud infrastructure should be embedded into an organization’s operational policies. This can be achieved through detailed logs and regular audits, once again unique to the cloud infrastructure of an enterprise.

Approach for Implementation: Considering the admittedly difficult shift from on-premise to cloud, enterprises need to develop a prescriptive approach for cloud infrastructure security. The migration plan should include security compliance checks and gap analysis to ensure transition and mitigate risks. Cloud security solutions should not be limited to a specific or predefined approach – instead, cloud security solutions can be synchronized with enterprise requirements by:

• Individually defining the security architecture and migration approach to:

  o Define the actual scope of the work during setup

  o Ensure every aspect of cloud security is mapped perfectly

  o Offer a specific reference point to operations and governance teams

• Hosting and managing enterprise actions in close conjunction with the cloud service provider

• Adopting a define, discover, diagnose, detail, deliver methodology for regular assessments based on industry-recognized CSA and NIST standards

• Conducting periodic reviews using a robust security management toolkit

• Incorporating best practices in line with NIST and CIS compliance through a four-stage process: identify, analyze, define and implement, and stabilize

This approach, considered holistically with SaaS, PaaS, and IaaS-based security solutions, will help IT decision-makers ensure security for their cloud environment. Enterprises can boldly face risk, embrace innovation, and maintain business continuity with zero disruptions during data migration to the cloud. Connect with us to find out more about how TCS can help you with a holistic cloud security solution.

Samidha Rakesh Chaudhari, whose career at TCS spans 15 years, is a data privacy consultant with the Cyber Security practice. In her current role, she conducts GDPR and data security assessments for TCS customers, recommends risk mitigation measures, and facilitates business continuity management. An expert in cloud security, she has managed many key roles such as location quality SPOC, site manager, and service delivery owner. A TCS Certified Internal Auditor, Samidha is also a certified ITIL Service Management Foundation and Project Management professional with extensive exposure to change management, IT service delivery, IT governance, risk, and compliance.