-
Five steps to avoid a cloud data breach
By Sally Adam
Earlier this week the personal details of more than 10.6 million MGM Resort hotels guests were published on a hacking forum, the result of a cloud server data breach.
With this in mind, we take a look at practical steps you can take to avoid falling victim to a public cloud attack, including how Sophos can help you see and secure your data in the public cloud.
Know your responsibilities
The first step to securing data in the public cloud is to know what you are responsible for.
Pubic cloud providers such as AWS, Azure, and Google offer customers a great deal of flexibility in how they build their cloud environments.
But the consequence of all this flexibility is that they can’t completely protect your virtual network, virtual machines, or data while in the cloud. Instead they run a Shared Responsibility model – they ensure security of the Cloud, while you are responsible for anything you place in the Cloud.
Aspects such as physical protection at the datacenter, virtual separation of customer data and environments – that’s all taken care of by the public cloud providers.
You might get some basic firewall type rules to govern access to your environment. But if you don’t properly configure them – for instance, if you leave ports open to the entire world – then that’s on you. So learn what you’re responsible for – and act on it.