Every cloud storage service can claim to be the most secure cloud storage service because of the effort service providers put into upholding their side of the shared responsibility model. However, security incidents still occur. So, what makes the most secure cloud storage service secure? You do.
In March 1973, Pink Floyd released the iconic album "Dark Side of the Moon". Its relevance here is that the final words spoken on the album are: "There is no dark side of the moon really. Matter of fact it's all dark". Had the album been about cloud storage security, the final lines might well have been: "There is no most secure cloud storage service really. Matter of fact, they're all secure".
There can be no doubt cloud storage services are secure. Service providers invest millions of dollars in securing data centers, developing zero-trust architectures, and penetration testing. They employ more security experts and security mechanisms than the biggest enterprises and have ongoing audits of their security procedures to ensure they each provide the most secure cloud storage service possible.
So, why do cloud security incidents occur?
Asserting that all cloud storage services are secure may seem unusual in light of recent high-profile, cloud-related security incidents at Imperva, Adobe, and PMC Inc. However, these incidents were not attributable to insecure cloud storage services; like many other incidents before them, they were due to human error: respectively a misconfiguration, an unsecured database, and compromised credentials.
It has been well-chronicled that the vast majority of cloud storage breaches are attributable to human error rather than vulnerabilities in cloud storage services. Yet businesses can avoid most of these errors by implementing three best practices: understanding user responsibilities under the shared responsibility model, implementing an effective cloud monitoring solution, and automating cloud governance.
Visibility is the key to securing cloud storage services
The division of responsibilities in the cloud depends on what services are being used. All cloud services have different “levels of abstraction”, and the further away the service is abstracted from the physical infrastructure of the data center, the more responsibility is assumed by the service provider. This can make it difficult to see where data is, who is accessing it, and how it is being used.
There is a saying in cloud computing that you cannot protect what you cannot see: if you are unable to see all your data, it is impossible to secure it against misconfigurations. However, with a real-time cloud security platform such as VMware Secure State, it is possible to track cloud-based resources and analyze their configurations.
Monitoring and automation ensure data remains secure
Most secure cloud storage service providers offer a selection of tools to monitor cloud activity, and some also provide automation tools to alert users when governance policies are violated. Generally, these tools are reactive and alert users to an event after it has happened, rather than proactively preventing the event from occurring.
By comparison, the remediation capabilities of VMware Secure State (VSS) can be configured to identify cloud risks and initiate an action when a policy violation is identified in order to prevent a potential security incident. Examples of auto-remediation in action include:
- If a user account has multi-factor authentication (MFA) disabled, access to the account can be blocked until MFA is re-enabled.
- Similarly, account access can be blocked if a user's password does not comply with a password policy.
- Logins from unrecognized IP addresses can be prevented, as can access to data outside working hours.
- If storage volumes tagged with specific tags (e.g. "PII") are unencrypted, VSS can automatically encrypt the volumes.
- It is also possible to restrict access to storage volumes that are found to be publicly accessible.
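The rules in the list above can be expressed as checks over an inventory that each return a remediation action. The following is an added, vendor-neutral sketch, not VMware Secure State's API or code from the original article; the record fields, policy values and action names are assumptions, and carrying out each action would go through the cloud provider's own interfaces.

```python
import ipaddress
from datetime import datetime

# Hypothetical policy settings (assumptions, not values from the article).
ALLOWED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
WORK_HOURS = range(8, 18)  # logins allowed 08:00-17:59
SENSITIVE_TAGS = {"PII"}

def check_account(acct):
    if not acct["mfa_enabled"]:
        yield ("block_account", acct["id"], "MFA disabled")
    if not acct["password_policy_ok"]:
        yield ("block_account", acct["id"], "password policy violation")

def check_login(event):
    ip = ipaddress.ip_address(event["source_ip"])
    if not any(ip in net for net in ALLOWED_NETS):
        yield ("deny_login", event["account"], "unrecognized IP")
    if datetime.fromisoformat(event["time"]).hour not in WORK_HOURS:
        yield ("deny_login", event["account"], "outside working hours")

def check_volume(vol):
    if SENSITIVE_TAGS & set(vol["tags"]) and not vol["encrypted"]:
        yield ("encrypt_volume", vol["id"], "sensitive tag, unencrypted")
    if vol["public"]:
        yield ("restrict_access", vol["id"], "publicly accessible")

def plan_remediation(accounts, logins, volumes):
    """Evaluate every record and return (action, target, reason) tuples."""
    plan = []
    for items, check in ((accounts, check_account), (logins, check_login),
                         (volumes, check_volume)):
        for item in items:
            plan.extend(check(item))
    return plan

# Constructed sample inventory; field names are assumptions for this sketch.
ACCOUNTS = [{"id": "alice", "mfa_enabled": True, "password_policy_ok": True},
            {"id": "bob", "mfa_enabled": False, "password_policy_ok": True},
            {"id": "carol", "mfa_enabled": True, "password_policy_ok": False}]
LOGINS = [{"account": "alice", "source_ip": "203.0.113.10", "time": "2024-01-15T10:00:00"},
          {"account": "bob", "source_ip": "198.51.100.7", "time": "2024-01-15T23:30:00"}]
VOLUMES = [{"id": "vol-1", "tags": ["PII"], "encrypted": False, "public": False},
           {"id": "vol-2", "tags": [], "encrypted": False, "public": True},
           {"id": "vol-3", "tags": ["PII"], "encrypted": True, "public": False}]

if __name__ == "__main__":
    for action, target, reason in plan_remediation(ACCOUNTS, LOGINS, VOLUMES):
        print(f"{action:16} {target:6} {reason}")
```

Keeping the decision step separate from enforcement lets the same plan be reviewed in a dry run before any account is blocked or volume changed.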
Ensure what you store in the cloud is in the most secure cloud storage service
VSS gives you everything you need to ensure what you store in the cloud is in the most secure cloud storage service - visibility, effective monitoring, and automated cloud governance. Furthermore, rather than securing a single public cloud environment, as most cloud-native solutions do, VSS can enable you to secure multiple public cloud environments.
To find out more about VSS's capabilities and how they can help your business operate in the most secure cloud storage environment, do not hesitate to get in touch. Our team of cloud experts will be happy to answer any questions you have and organize a free demonstration of VSS in action to give you first-hand experience of the platform's capabilities.