CYBER SECURITY TRAINING CENTRE OF EXCELLENCE

czcionka większa czcionka normalna czcionka mniejsza
16 February 2022
Are we ready to work securely in the cloud?
Recently there has been an increased demand for IT services and data processing in the cloud.

An increasing number of COVID-19 cases and related restrictions add to the need of working, learning and trading in the cloud. Simultaneously, the IT market offers new solutions in cloud architecture including more and more functionalities enhanced with new security mechanisms. This brings to mind a key question: Are we ready for secure work in the cloud?

Cloud security depends on both technical solutions used in the cloud architecture and behaviours of those who work in the cloud. Thus, it is important to select the right cloud architecture and to ensure that cloud users maintain the right level of cyber hygiene, which is a collection of best practices preserving cybersecurity.

Security of cloud environment should be upheld by ensuring confidentiality, integrity and accessibility. Confidentiality of data is preserved by appropriately configured authorisation od user access. Data integrity allows to ensure the certainty that the data remains unchanged. Accessibility ensures the data is always ready for processing.

From the perspective of maintaining confidentiality it is advisable to use a private cloud, yet the costs involved make it more reasonable to use a public cloud. The prudent approach, however, would be to use the latest solution in the cloud environment – multiCloud – a hybrid cloud. This environment offers access to a private and a public cloud within one architecture yet not allowing them to be linked. Data transfer is indirect thanks to automation of data flow. Respective scripts send data to a container in the cloud and then to a virtual machine and further on to a private cloud, thus maintaining the required level of security (see picture 1).

 

Picture 1. Architecture of a hybrid cloud

A secure cloud architecture should include standardized elements of security prescribed by authorization centres, such as International Organization for Standardization (ISO) and Cloud Security Alliance (CSA). Yet finally, the cloud security will be a resultant of the security standards used by the cloud provider and the procedures of secure utilization used by the cloud consumer.

The enumeration of the most important security measures that should be taken into consideration when processing data in the cloud should include:

- Multifactor Authentication and user authorisation in the cloud environment,

- creation of individually profiled cloud administrator accounts with dedicated permissions,

- periodic cyber hygiene trainings for administrators and users processing data in the cloud,

- monitoring of data processing and warning of dangerous incidents in the cloud,

- classification of data, with particular attention paid to personal data and strategic data in the cloud,

- use of firewalls, protection from malware and systems of preventing cyber intrusion,

- keeping a risk register to determine the threat level and procedures in case of an incident in the cloud. 

Cloud security is determined by a range of measures aimed at ensuring protection of all data and services from attacks violating their integrity, confidentiality and accessibility. Cloud service providers ensure a secure cloud environment. Yet it is important to remember that cloud service users are responsible for the security of the data and applications that they use in the cloud.

                                   

 

Mariusz Piwowarski

generuj pdf
go-up
Contact

Cyber Security Training Centre of Excellence
gen. S.Kaliskiego 2
00-908 Warszawa
tel. 261837990
fax. 261837983
ecsc@mon.gov.pl

    
  • wersja w języku polskim
  • BIP
We use cookies for statistical purposes. If you do not block these files, you agree to their use and saving in the device's memory. Remember that you can manage cookies yourself by changing your browser settings. More can be found in Cookies Policy.