Category archive: cloud security

5 Cloud Security Practices

2014 could have easily been host to some of the biggest security breaches ever. Many hackers have adapted to the ever-changing technological advances, but current security practices and technologies can prevent these breaches. Many companies that fell victim to security breaches fell into the "compliance equals security" trap: the assumption that if a company goes to the trouble of being legally compliant with any number of regulations, then it will be secure. But this is not the case.

Security is never a guarantee. However, there are some things that can be done to help prevent serious breaches of security and the consequences that come along with them.


-Continuous Visibility: Companies need to have complete and total visibility into their technology assets and services. You cannot secure what you cannot see. You need to be aware of what you have and what it's doing at all times if you want to keep things secure. Visibility can be a challenge because modern infrastructure is automated and provisioned on demand.

-Exposure Management: Once transparency is achieved, companies need to eliminate the obvious, known vulnerabilities in their networks. Continuous monitoring tools and strong vulnerability and security configuration management technology and practices are key to mitigating exposure.

-Strong Access Control: This practice is often implemented incorrectly. Many companies implement access control but grant excessive access. Recent breaches involved valid access control IDs being used to compromise systems that had nothing to do with the IDs' function in the network. The IDs had access to a lot of information that they shouldn't have had. Limit the access users receive and monitor all user actions.

-Data Protection and Encryption: Once all the aforementioned steps have been taken, it is important to encrypt any sensitive information. Both data at rest and data in motion need to be encrypted if they contain any sensitive material. Data protection is needed to ensure that even if data gets compromised, it will not get sent outside of the network.

-Compromise Management: Few companies actually have plans for dealing with a breach and mitigating the damage caused. No matter what preventative steps you have taken, breaches can still occur. Companies need to implement courses of action and technologies that allow them to act fast. This includes being able to tell that you have been compromised, which calls for file integrity monitoring, intrusion detection, and forensic data for analysis.

These steps represent the bare minimum of protection and are suggested for implementation to limit your vulnerability.

The post 5 Cloud Security Practices appeared first on Cloud News Daily.

Stay Safe in the Cloud With Two-Factor Authentication

The use of two-factor authentication has been around for years, but the recent addition of this security feature in cloud services from Google and Dropbox has drawn widespread attention.  The Dropbox offering came just two months after a well-publicized security breach at their online file sharing service.

Exactly What Is Two-Factor Authentication?

Of course, most online applications require a user name and password in order to log on.  Much has been written about the importance of managing your passwords carefully.  However, simple password protection only goes so far.

Two-factor authentication involves not only the use of something the user knows such as a password, but also something that only the user has.  An intruder can no longer gain access to the system simply by illicitly obtaining your password.

Authentication Tools

  • ATM Cards:  These are perhaps the most widely used two-factor authentication devices.  The user must both insert the card and enter a password in order to access the ATM.
  • Tokens:  The use of tokens has increased substantially in recent years.  Most of these are time-based tokens that involve the use of a key-sized plastic device with a screen that displays a security code that continually changes.  The user must enter not only their password, but also the security code from the token. Tokens have been popular with sensitive applications such as online bank and brokerage sites.
  • Smart Cards:  These function similarly to ATM cards, but are used in a wider variety of applications.  Unlike most ATM cards, smart cards have an embedded microprocessor for added security.
  • Smart Phones:  The proliferation of smart phones has provided the perfect impetus to expand two-factor authentication to widely used internet applications in the cloud.  In these cases, users must enter not only a password, but also a security code from their phone or other mobile device.  This code can be sent to a phone by the service provider as an SMS text message or generated on a smartphone using a mobile authenticator app.  Both Google and Dropbox now use this method.

Yahoo! Mail and Facebook are also introducing two-factor authentication using smart phones.  However, their methodology only prompts the user to enter the security code if a security breach is suspected or a new device is used.

So What’s Next?

Cloud security is a hot topic and two-factor authentication is one way to mitigate users' well-founded concerns.  As a result, development and adoption of two-factor authentication systems are proceeding at a rapid pace, and such systems should be available for most cloud applications within just a few short years.

The shift from token-based authentication to SMS-based authentication is also likely to accelerate along with smart phone use.

Two-factor and even three-factor authentication using biometrics will become more popular.  Fingerprint readers are already quite common on laptop computers.  Use of facial recognition, voice recognition, hand geometry, retina scans, etc. will become more common as the technology develops and the price drops.  The obvious advantage of these biometric systems is that the physical device cannot be stolen or otherwise used by a third party to gain access to the system.

As with any security system, two-factor authentication is not 100% secure.  Even token systems have been hacked and there is no doubt that there will be breaches in SMS authentication tools as well.  However, two-factor authentication still provides the best way to stay safe in the cloud and it’s advisable to use it whenever possible.

This post is by Rackspace blogger Thomas Parent. Rackspace Hosting is a service leader in cloud computing, and a founder of OpenStack, an open source cloud operating system. The San Antonio-based company provides Fanatical Support to its customers and partners, across a portfolio of IT services, including Managed Hosting and Cloud Computing.