
Arming yourself with a cloud security checklist that covers your apps and data

  • Posted on: November 7, 2013
  • Posted in: Cloud, Security
  • Posted by: Jennifer Hanniman

In my last blog, I walked through the shared responsibility model for security in the cloud and the importance of host-based firewalls to both inbound and outbound communication; intrusion prevention capabilities to protect against vulnerabilities even before you patch; integrity monitoring to catch system changes; and anti-malware with web reputation to protect against viruses and malicious URLs.

A great start, yes… but it is just the beginning. Now that we’ve taken care of the operating system and network security, we have to secure our applications and data.

In motion… at rest… let’s talk data protection

As we talk to customers about moving workloads to the cloud, often one of the first topics is the data. As with any deployment, there are very valid concerns around protecting sensitive company data, where the data is stored and who has access to the data.

In addition to being informed and specifying geographic preferences with a cloud provider like AWS, there are other controls that you can put in place to protect your data at rest and your data in motion. One logical and effective control is encryption.

For sensitive data at rest, you need to think about what makes the most sense to encrypt as well as where the keys are stored and managed. For the application you are deploying, does it share data between boot and data volumes? If so, both need to be encrypted. Does your company have any requirements on where the keys are stored? If you must store keys on your premises, then built-in OS features cannot be used since they all require that encryption keys be stored on the system.

For data-in-motion, understanding where your sensitive data is “in-flight” is extremely important. If sensitive data is being sent between the user’s browser and the application, or between the web application and the database, using security controls like SSL or IPSec is recommended.
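The two paragraphs above amount to a small set of decision rules, shown here as an added example that is not part of the original post: an audit over a constructed workload inventory that flags unencrypted in-scope volumes, keys held on the host when policy requires external key management, and sensitive flows without SSL or IPSec. The inventory layout, field names and the choice to treat every data volume as in scope are assumptions made for illustration.

```python
# Added example: audit a constructed workload inventory against the
# data-at-rest and data-in-motion rules described in the post.
ENCRYPTED_CHANNELS = {"ssl", "ipsec"}  # in-flight controls the post names

def audit(workload):
    """Return sorted findings for one workload; an empty list means it passes."""
    findings = []
    for vol in workload["volumes"]:
        # Assumption: data volumes are always in scope. Boot volumes come into
        # scope when the application shares data between boot and data volumes.
        in_scope = vol["role"] == "data" or workload["shares_boot_and_data"]
        if not in_scope:
            continue
        if not vol["encrypted"]:
            findings.append(f"{vol['name']}: {vol['role']} volume is not encrypted")
        elif workload["keys_must_be_external"] and vol["key_location"] != "external":
            # Built-in OS encryption keeps the key on the system, so it cannot
            # satisfy a policy that keys be held outside the instance.
            findings.append(f"{vol['name']}: key held on host, policy requires external key management")
    for flow in workload["flows"]:
        if flow["sensitive"] and flow["protection"] not in ENCRYPTED_CHANNELS:
            findings.append(f"{flow['src']}->{flow['dst']}: sensitive data in flight without SSL or IPSec")
    return sorted(findings)

# Constructed sample inventory (hypothetical names, not from the post).
WEB_APP = {
    "shares_boot_and_data": True,
    "keys_must_be_external": True,
    "volumes": [
        {"name": "vol-boot", "role": "boot", "encrypted": False, "key_location": None},
        {"name": "vol-data", "role": "data", "encrypted": True, "key_location": "host"},
    ],
    "flows": [
        {"src": "browser", "dst": "web-app", "sensitive": True, "protection": "ssl"},
        {"src": "web-app", "dst": "database", "sensitive": True, "protection": "none"},
        {"src": "web-app", "dst": "cdn", "sensitive": False, "protection": "none"},
    ],
}

if __name__ == "__main__":
    for finding in audit(WEB_APP):
        print("FAIL", finding)
```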

What about the apps?

With more production applications migrating to the cloud, continuous protection of these applications becomes critically important. When those applications are available through the web and provide customers, partners or global employees the ability to share information, detection of potential threats or occasional penetration testing is not enough – especially as the number of apps increases. We recommend that continuous detection and protection of potential vulnerabilities be in place once the application is in production, to complement any penetration testing or any static testing done during development. As mentioned above, you also want to encrypt the channel of communication between the browser, the web app and the database, typically using SSL from a trusted provider.

So, let’s take stock – what is your security checklist for your instances, apps and data?

  • Continuous web application scanning to protect against vulnerabilities
  • Boot and data volume encryption with external key management to protect data at rest and keep control of the keys
  • SSL to protect data-in-motion with encrypted channels
  • Intrusion prevention with virtual patching to protect against vulnerabilities even before you patch
  • Host-based bi-directional firewall to prevent unauthorized outbound communication – with logging and alerting capabilities to make it easier to manage
  • File integrity monitoring to catch unauthorized system component changes
  • Anti-malware with web reputation to protect against viruses and malicious URLs

I am sure some of you are wondering – how in the world am I going to deploy and manage all these capabilities? Stay tuned! Coming soon – what to add to the cloud security checklist to make sure you can deploy and manage in your elastic cloud environment.
