GovLoop

Your Agency’s Cloud Security Checklist

This blog post is an excerpt from our new report, Better Cloud Adoption Through Better Security, download the full report here.

Cloud computing is an integral piece of today’s IT government infrastructure. That means cloud security is top of mind for nearly all government leaders.

Much like other newer technologies, the cloud can be abused or misused: shared responsibility, lack of visibility, internal risks, advanced cyberattacks and more are at play for agencies that move their sensitive data and applications to the cloud.

This new adoption, however, is also presenting agencies with a unique set of security challenges.

Read our full report here to learn more about the top security challenges with cloud and solutions for overcoming them. 

Before implementing the solutions highlighted in our report, here is a quick checklist — from Jeremy Castleman, Federal Cloud Security Consultant at Check Point — of best practices for creating holistic cloud security.

1. Are you aware of your responsibility in the cloud?

“I see many agencies that are not aware of where their responsibility lies when securing the cloud,” Castleman said. “You must know that the basic explanation of this is that your cloud provider will secure the general cloud infrastructure, but anything inside the cloud you must still work to secure.”

2. Are you being alert and watching out for data breaches?

It’s imperative not to be lulled into a false sense of security when moving to the cloud; it’s your responsibility to protect any assets and data you place in the cloud. Native tools provided by cloud platforms are not enough. To keep your cloud environment protected, it’s highly recommended to deploy an advanced threat prevention solution to inspect all traffic entering and leaving your cloud to prevent attackers from targeting your assets.

3. Are watching out for hijacked accounts with extra security levers?

Implement the use of multifactor authentication, as well as good key management practices when utilizing public cloud environments.

4. Is your workforce properly trained?

“Proper training and alignment of all disciplines is more critical than ever when migrating infrastructure to the public cloud,” Castleman said.

5. Are you focusing on encryption?

As a rule when using public cloud services, make sure to trust no one and encrypt everything. “This is true of any data stored in the cloud, but should also be true of any data transmissions to and from the cloud,” Castleman said.

6. Are you partnering with a trusted vendor to deploy the right platform?

From the constant threat of malware to malicious users and misconfigurations, there are a number of specific challenges organizations face when moving data, assets and workloads to the cloud. It’s important to not only understand these risks but also to identify a vendor with the technology and techniques to properly secure your cloud environment.

Photo by Glenn Carstens-Peters on Unsplash

Exit mobile version