Cryptographic algorithms undoubtedly confer several benefits on Cloud users. Encrypting volumes protects them from snapshot cloning, from being explored by the Cloud provider, and from exposure through physical drive loss. The encryption may be instance managed, externally managed, or proxy encryption. But is that enough?
While encryption may challenge the hacker and/or intruder and help the novice user achieve a modicum of security instantly, encryption is obviously not enough. A poorly secured Cloud deployment can negate all the benefits that may be derived from encryption.
Well-architected Cloud deployments focus attention on all kinds of available security protocols and take advantage of them.
Security begins with limiting administrative access. Your employees may be trustworthy, but any system can be made vulnerable by a moment of negligence. There should be only a single administrator with administrative privileges. All others must be users, who derive their rights and permissions from the administrator. Passwords should not be shared, and employees must understand that their vigilance will help the organization maintain security at all times. It is often not the outsider who causes the security breach; it is the careless insider!
Compartmentalize. If you are on a flat Cloud, you are vulnerable. The absence of layers reduces the layers of security you can create. Compartmentalization is important. Segregate at the management level. Create domains, groups, systems and servers. Limit access to the resources at different levels based on a well-defined user access policy. Security will be layered and compartmentalized. Even if one layer is penetrated, all data will not be lost.
Vigilance is everything. Keep the audit logs. Study them constantly. Make snapshots of instances and security groups. Secure the snapshots following all the object storage rules. Keep your data storage snapshots segregated from user information and applications. Automate the generation of alerts.
Understand that the ultimate access point is the physical server. Physical security is as important as electronic security. It boils down to locking down the storage architecture. Ensure that everything contained in the servers is constantly updated, effectively configured and securely accessed.
Proven track records are testimonials. There can be no dispute that the proof of the pudding is in the eating. Check back on the service provider. What is their track record? Is it clean? If yes, you have got yourself off to a good start. Top-notch Cloud backup service providers will be security conscious even if you are still negotiating the learning curve!