Cloud Assessments: Security Solutions for Yourself and Your Company
Inside and outside of the information technology field, there are many professionals who view major cloud service providers such as Amazon Web Services (AWS), Azure, and Google Cloud as panaceas. If you have ever worked at a company modernizing its IT infrastructure, you have probably heard these phrases (or variations of them) before:
“All of these security problems will be resolved when we move our application to the cloud!”
“We won’t have to even look at our server logs anymore, the cloud will take care of it for us!”
“As soon as that system is in the cloud, no more issues with network policies, we won’t have to do anything!”
There may be some scenarios where the aforementioned proclamations are true, and that’s great! But the reality is that cloud service platforms are like any other piece of human-made information technology: it can be configured in a way that leaves individuals and companies vulnerable for exploitation.
Any small business owner would be thrilled at the prospect of saving hundreds of dollars in hosting fees by moving their company’s static website to an AWS S3 bucket. Yet, if the S3 bucket’s public access policy is configured to give anyone read/write permissions accidentally, all of their customer’s PII could be exposed, along with valuable information about the company’s proprietary business practices.
Likewise, a medium-sized IT business could leverage AWS AppStream 2.0 to quickly deliver a newly needed application to a large business customer on an enterprise scale. But if this company forgets to set the disconnect time-out policies to a reasonable time, this service could rack up thousands of dollars in unnecessary charges for your customers.
In order to avoid these scenarios, companies would be wise to conduct a cloud security assessment, where they would go service by service to check their policies in order to ensure a strong baseline security posture.
E-INFOSOL conducts these assessments for a wide variety of customers. Our company has decades of cumulative experience in cloud operations and cybersecurity and we apply this knowledge to ensure that cloud service configurations are not set up to perpetuate vulnerabilities. We can examine your cloud system and make a detailed set of recommendations for the cloud services your company utilizes in order to keep your assets safe.
There is never going to be a perfect situation when it comes to security. It is a constant evolution: the threats are forever changing and the technologies on the offensive and defensive side of the dynamic are always evolving. But taking simple steps to ensure that the basics of securing your cloud services are covered is essential and E-INFOSOL can be there to help you every step of the way.
About the Author
Daniel Broder is a Cloud Security Developer at E-INFOSOL. He has a B.A. in Communication Studies from The College of Wooster and an M.S. in Cyber Security from Marymount University. He is the proud father of two amazing kids and loves to travel, listen to music and cook vegan meals when he can.