
7 steps to secure a cloud Storage server

How to securely leverage the benefits of the cloud by using its strengths to overcome issues that have traditionally been labeled as weaknesses

cloudfirm

Presentation Transcript


  1. 7 steps to secure a cloud Storage server

  2. 1. Encryption of data in transit must be end to end. All interaction with servers should happen over SSL transmission (TLS 1.2) to ensure the highest level of security. The SSL connection should terminate only within the cloud service provider network.

  3. 2. Implement encryption for at-rest data. Everyone thinks immediately about data that is in motion. However, data that is in one place must be protected as well. As Pangam puts it, encryption of at-rest data is “the only way you can confidently comply with privacy policies, regulatory requirements and contractual obligations for handling sensitive data.” It is certainly a best practice in an increasingly complex threat landscape. Use the AES-256 standard whenever you store disks within the cloud. Your encryption keys also need to be encrypted themselves. Furthermore, there should be a system in place to rotate the master key set at routine intervals. Ideally, your cloud provider will also allow field-level encryption, so that you can encrypt SSN, credit card number, CPF, and other highly sensitive fields.

  4. 3. Segmentation and isolation: The ability of hackers to gain access once, and then roam entire networks seemingly at will, has highlighted the value of network segmentation strategies that make it possible to isolate locations where malware is at work and lessen the potential damage. My team strongly advocates for a layered security approach to combat breaches at every digital touchpoint. 

  5. 4. Data management. Many clouds -- and data centers -- suffer from sloppy data management. There are surplus, old or partial datasets scattered all over the storage pool. Trash collection is a huge and difficult task, complicated by versioning of files and a lack of naming discipline that leads to many files with the same or similar names. These are all security risks. The possibility of a critical file getting into a low-security area can’t be ignored. The answer is to first keep a tight grip on data proliferation by using deduplication and removing extra copies from storage. Deduplication was intended to save storage space, but security might be a much more important application. Deduplication won’t get rid of files in the wrong places, however. That requires a metadata-driven approach that puts a life expectancy and location, copying and other controls on data. These tools are just entering the storage market.

  6. 5. Add protective layers with user-level data security. The cloud service should provide role-based access control (RBAC) features to allow customers to set user-specific access and editing permissions for their data. This system should allow for fine-grained, access control-based, enforced segregation of duties within an organization to maintain compliance with internal and external data security standards.

  7. 6. Get a virtual private network and cloud. In traditional hosting environments, there is a dedicated server, an individual physical machine used by a single organization. A dedicated machine can be divided into either multi-tenant or virtual private servers. In the context of cloud, you want your provider to give you a cloud instance that is yours and yours alone, one over which you have the sole right of access to, and control of, the data. Customers connect to your datacenter. The traffic that goes back and forth to their virtual private cloud goes to their data center via an Internet Protocol security (IPsec) virtual private network (VPN), a standardized means to send encrypted data.

  8. 7. Control shadow IT. Shadow IT accounts for a significant portion of total IT spend today. It is outside of IT's control and insecure, yet most organizations have data flowing back and forth between shadow setups, usually in the cloud, and corporate-controlled space. This is a major hole in the security wall. The best fix is to provide a more attractive service and kill off the desire for shadow IT. This means being proactive and providing a flexible, agile, cost-driven cloud service, whether that's private, public or hybrid, to your users. SaaS is a related problem. Most SaaS vendors are in public clouds, and getting them to comply with your governance can be a challenge. This is a major security issue, since they “own” part of your data and also provide a broad gateway to more stored information. Adding encryption and tightly controlling access to your data are just two big steps towards solving this problem.

  9. Cloud Firm is a leading provider of Cloud Servers in India, Multiple Cloud Server. Chat with our technical experts to get the best cloud server prices, Multiple Cloud Server. High-performance, reliable, affordable cloud servers. High-bandwidth cloud servers at lowest price. 24X7 support. Best cloud server provider. We provide various types of cloud servers: • Custom cloud servers (100% customizable) • Cloud Server instant setup. Please visit the website for more details: http://cloud.firm.in IT Monteur, B-71, Shalimar Garden Extn-2, Ghaziabad, UP, India-201005 Phone: +91-9582907788 +91-96540164840120-2631048
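Step 5's role-based access control with enforced segregation of duties, as an added example that is not from the presentation. The role names, permission strings, user name and the rule that key administrators may not hold data roles are hypothetical.

```go
package main

import "fmt"

// Hypothetical roles and permission strings, constructed for this example.
var rolePerms = map[string][]string{
	"viewer":    {"object:read"},
	"editor":    {"object:read", "object:write"},
	"key-admin": {"key:rotate"},
}

// Role pairs one user may never hold together: key custodians get no data access.
var conflicts = [][2]string{{"key-admin", "viewer"}, {"key-admin", "editor"}}

// Directory maps each user to the set of roles granted so far.
type Directory map[string]map[string]bool

// Grant adds a role unless it is unknown or breaks a segregation-of-duties rule.
func (d Directory) Grant(user, role string) error {
	if _, ok := rolePerms[role]; !ok {
		return fmt.Errorf("unknown role %q", role)
	}
	for _, c := range conflicts {
		if (c[0] == role && d[user][c[1]]) || (c[1] == role && d[user][c[0]]) {
			return fmt.Errorf("%s: role %q conflicts with a role already held", user, role)
		}
	}
	if d[user] == nil {
		d[user] = map[string]bool{}
	}
	d[user][role] = true
	return nil
}

// Allowed is deny-by-default: true only if one of the user's roles carries perm.
func (d Directory) Allowed(user, perm string) bool {
	for role := range d[user] {
		for _, p := range rolePerms[role] {
			if p == perm {
				return true
			}
		}
	}
	return false
}

func main() {
	d := Directory{}
	fmt.Println(d.Grant("asha", "editor"), d.Grant("asha", "key-admin"))
}
```

The conflict is checked when the role is granted, so a forbidden combination never exists for a later permission check to miss.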
