Contact Us

Cloud computing
security: Taking
care of your
business

Author: Phil Muncaster

Cloud computing is the engine of modern business. During the pandemic, it's helped organizations to transition to and sustain mass remote working, optimize IT and enhance resilience. But with this digital transformation comes new cyber security threats.

Comprehensive cloud computing security is essential to mitigate the financial and reputational risks of cyber attacks. It should be multilayered and based on a strong and clear understanding of your responsibilities as a customer of a cloud services provider.

Cloud computing security basics

The most important first step to securing your cloud computing security environment is getting to grips with the shared responsibility model. Broadly speaking, doing so will enable you to understand which part of the environment the cloud provider will secure and which areas are your responsibility. No matter whether you're running on-demand software (SaaS), cloud platforms (PaaS) or cloud infrastructure (IaaS), your data is always yours to secure.

What do attacks look like?

Cloud computing security assets were involved in around a quarter (24%) of breaches last year, according to Verizon's most recent Data Breach Investigations Report. The main risks to your data and cloud systems are:

  • Information theft, including customer data and highly sensitive intellectual property.
  • Ransomware, which could hobble your organization by locking you out of your cloud accounts.
  • Cryptocurrency mining, or malware that secretly mines for digital currency, running up large power bills and degrading equipment.
  • Distributed denial-of-service (DDoS) attacks, which could take down your cloud-hosted applications and disrupt the customer experience.

How to hit back

Preventing attacks on your cloud infrastructure and applications can pose a significant challenge. Many organizations are investing in hybrid clouds from multiple providers, which can create extra complexity and security challenges.

However, a good place to start with cloud computing security is by gaining visibility into all of your cloud assets and data and understanding which are potentially exposed. Next, develop and apply policies to protect those assets. Consider the following:

  • Multi-factor authentication to enhance the security of accounts, even if passwords get breached.
  • Strong data encryption using your own keys, rather than the cloud provider's, to minimize risk exposure.
  • DDoS protection from a reputable provider. There are many services available on the market today.
  • Cloud security posture management to monitor your environment for configuration errors and noncompliance.
  • Network-based inspection tools to monitor cloud-based traffic for signs of malicious activity.
  • Patch management tools to automate and prioritize the patching of cloud assets as soon as official updates become available.
  • Anti-malware tools to apply at the operating system and virtual network layer.

Discover how Verizon can help your organization anticipate and protect against these challenges with incident response planning.