Organisations are storing more data online and in the cloud than ever before. As our reliance on internet-based solutions continues to grow, this trend will only accelerate as organisations move away from on-premise infrastructure.
Amazon AWS S3 Buckets and Google Cloud Buckets are popular solutions. However, security often takes a back seat when setting up and using them, resulting in vast amounts of data being easily accessible to anyone with minimal effort.
Whether owing to a lack of security knowledge, mismanagement, or the absence of a robust password policy, data buckets and other network-connected storage solutions pose significant risks. These risks can be greatly reduced by following some simple steps during the design, implementation, and operational stages.
1. Configuration
The efficiency of your business matters, but it shouldn’t come at the cost of your security. Your default security posture should be considered at the most basic level and from the earliest stages of designing and implementing systems that handle organisational data.
Incorrectly configured cloud settings can expose data to unauthorised users. Regular audits (see below) and automated configuration tools can help prevent these issues.
2. Encryption
Use encryption, both on the server and during transmission, so that personal and sensitive data cannot be read if malicious actors gain access to your storage solutions.
Encryption on the server isn’t always turned on by default, so take the time to ensure that it is enabled, particularly if services are being created dynamically in the course of daily business operations.
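The checks from sections 1 and 2, as an added example that is not part of the original article: a Python audit of one bucket's settings for public access, default encryption at rest and a TLS-only policy. The settings layout (the PublicAccessBlock, Encryption and Policy keys) and both sample buckets are constructed for illustration; the inner field names follow the AWS S3 API.

```python
import json

PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")
def _as_list(value):
    return value if isinstance(value, list) else [value]

# Assumption: the cfg keys PublicAccessBlock / Encryption / Policy are this
# example's own layout; the fields inside them follow the S3 API shapes.
def audit_bucket(cfg):
    """Return sorted findings for one bucket's settings."""
    findings = []
    # Section 1, configuration: every public-access-block flag should be on.
    pab = cfg.get("PublicAccessBlock") or {}
    findings += [f"config: {f} is off" for f in PAB_FLAGS if not pab.get(f)]
    # Section 2, encryption at rest: a default server-side rule must exist.
    rules = (cfg.get("Encryption") or {}).get("Rules", [])
    if not any(r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm")
               for r in rules):
        findings.append("at-rest: no default server-side encryption")
    # Section 2, encryption in transit, plus statements open to any principal.
    policy = json.loads(cfg.get("Policy") or "{}")
    denies_plain_http = False
    for st in _as_list(policy.get("Statement", [])):
        who = st.get("Principal")
        anyone = who == "*" or (isinstance(who, dict) and "*" in _as_list(who.get("AWS", [])))
        tls = st.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport")
        if st.get("Effect") == "Deny" and str(tls).lower() == "false":
            denies_plain_http = True
        if st.get("Effect") == "Allow" and anyone and not st.get("Condition"):
            findings.append(f"policy: {st.get('Sid', '?')} allows any principal")
    if not denies_plain_http:
        findings.append("transit: policy does not deny non-TLS requests")
    return sorted(findings)

# Constructed sample settings (not taken from any real account).
WEAK = {
    "PublicAccessBlock": {"BlockPublicAcls": True, "IgnorePublicAcls": True},
    "Policy": json.dumps({"Statement": [{"Sid": "PublicRead", "Effect": "Allow",
        "Principal": "*", "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*"}]}),
}
HARDENED = {
    "PublicAccessBlock": dict.fromkeys(PAB_FLAGS, True),
    "Encryption": {"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]},
    "Policy": json.dumps({"Statement": [{"Sid": "DenyHTTP", "Effect": "Deny",
        "Principal": "*", "Action": "s3:*",
        "Resource": "arn:aws:s3:::example-bucket/*",
        "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]}),
}
```

Calling audit_bucket(WEAK) lists each gap by section, while audit_bucket(HARDENED) returns an empty list; the same function can be run over settings exported from a real account as part of a regular audit.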
3. Role-based Access
The rule of least privilege should be applied in every aspect, allowing only the minimum access to data, and only to those who require it.
Least-privilege access means granting users rights that provide the access they need and no more.
Locking down permissions can be a complicated process, but once you have your roles defined, template profiles can speed up the process in future.
4. Multiple Layers of Security
Multi-factor authentication (MFA) is an important consideration: it provides a low-cost and easy-to-implement additional layer of security between the user and the account. MFA is a key component because account compromises are often the result of password issues.
5. Compliance and Legal Issues
Different regions have varying regulations regarding data storage and privacy. Ensuring compliance with relevant laws and standards is crucial to avoid legal repercussions.
6. Logging and Auditing
Logging and auditing don’t just help to identify and record where things have gone wrong post-incident; they can also prevent a breach before an incident occurs or identify gaps to prevent potential issues in the future.
Reputable web services have built-in tools for this, such as Amazon CloudWatch, which acts as a monitoring service for IT managers. You can detect issues, visualise logs and automate remediation actions or notifications using these tools.