Cloud Security: Work online safely

Do you stream music? Or interact with your colleagues via in-house chat systems? Then you’re already familiar with cloud computing – using cloud services has become an integral part of daily life. Companies are relying more and more on cloud servers to handle rising data volumes or to react to employee needs flexibly. With the increasing technological possibilities, the subject of cloud security grows.

Step 1: How cloud security works

Cloud computing services offer multiple benefits and usually also high cloud security. However, it’s important to inform yourself about possible risks beforehand to make the right decision and react accordingly should anything occur. We summarized what you need to know about a secure cloud as a private person or company and what to consider when selecting a cloud service.

Check connection quality

Cloud computing requires a solid base. And many companies in rural areas face the challenge of having insufficient broadband connectivity. Those who have an internet access with a mere 6 megabit per second should not order cloud services for 100 employees. Otherwise, they might find their productivity and motivation considerably curbed when applications only react in slow motion due to low data transfer speeds.

Therefore, in the long run it is crucial to combine cloud computing with another innovative technology for a speedy and flexible data access: the future mobile communications standard 5G. This standard offers 100 times the transmission speed of LTE networks which has a positive effect on security due to reduced data transfer times. This means that data can be uploaded or downloaded particularly quickly – and new opportunities for secure cloud computing arise.

Network security through staff training

Knowledge equals protection. Therefore, companies should regularly train employees on cloud data protection and sensitize them to the importance of access data: those familiar with network security can detect discrepancies quicker and draw attention to conspicuous events. Cloud security solutions can provide additional safety. They register unusual activity of presumed users and report them, allowing companies to act quickly and take countermeasures.

Step 2: What are cloud security requirements

Set your own cloud standards: Which cloud security challenges should you be aware of? And how can you reduce the possible risks of cloud computing?

Uncover system weaknesses

Stay alert: Cloud IT and network systems can harbor security gaps and weaknesses. Before using cloud services, always ask providers if they perform regular security scans and apply according software patches in a speedy manner.

Network security for cloud computing

Most service providers maintain high cloud data protection regulations and security measures. Those employing cloud computing services have the advantages of obvious cloud computing benefits while also being able to rely on excellent cloud security. This is a highly important prerequisite, as cloud security is indispensable when it comes to transmitting and storing sensitive data. It is about creating a continuous “chain of trust” from an IoT device, across the edge platform and cloud architectures. Just how seriously a cloud service provider treats data security can be confirmed by ISO certifications or cloud certificates provided by organizations such as EuroCloud or Cloud EcoSystem. These certificates, such as ISO 27017, IS 27018 and BSI C5, are only awarded to service providers whose solutions meet strict security requirements.

Cloud security and compliance standards of service providers

Cloud service providers must adhere to strict security and compliance regulations. Since May 2018, these include regulations of the EU General Data Protection Regulation (EU-GDPR). Cloud providers violating cloud GDPR regulations can possibly lose data or be accessed by third parties. In these cases, not only the providers are subject to heavy penalties and a loss of reputation. Private and commercial users also have obligations, as the responsibility for cloud protection cannot be passed to the provider. Therefore, make sure to comply with GDPR requirements when choosing a cloud provider.

Protection from insider access

Strictly speaking, one supposed cloud security risk is actually not one, as it concerns companies on a fundamental level: attacks by their own employees or by those of the service provider, so-called insiders. These attacks are particularly nefarious, especially when they involve employees with extended access rights, such as administrators. According to a study by the consulting firm KPMG, 20 percent of data theft cases within German companies can be traced to insiders. It is therefore highly important to regularly monitor the activities of these user groups.

Step 3: How to master cloud security challenges

Anticipate possible cloud security risks to reduce them and create solutions.

Cloud denial-of-service (DDoS) attacks

Which cloud is potentially safe? Before choosing a provider, address topics such as network traffic monitoring and the use of various protection systems. For example, if attackers flood a cloud service with requests from multiple hijacked computers (so-called denial-of-service attacks), your own service will be blocked. In these cases, providers are obliged to take appropriate precautions. Automated incident responses and recovery routines are particularly recommended in the case of an attack to provide security teams with the needed capacities to search for causes, react, recover and protect as quickly as possible. To achieve a higher cloud security, also clarify these scenarios with your provider.

Edge computing creates cloud security

A particularly intelligent solution to handle large amounts of data is edge computing. This is an ideal extension to the cloud, as it provides computing capacities available at the edge of the cloud, i. e. decentralized where data actually occurs. A microprocessor collects data independently from the cloud, derives actions from them and channels them. These processes take place at the edge of the transition between two data points. Edge computing provides a great advantage to cloud security, as the data is filtered, bundled and anonymized before it is transferred to the cloud.

As enormous amounts of data flow from various IoT devices to the cloud or edge, both fundamentally increase the attractiveness for cyber attacks. Securing cloud and edge server platforms along with IoT devices is therefore highly important.

Learn about the in-depth advantages of edge computing in terms of a secured cloud along with practical applications, for example in Infineon alarm systems, in Edge Computing: Everything you need to know.

Cloud security and encrypted cloud

It’s a fact that when used correctly, clouds provide more security. This is also the conclusion of a survey of American companies: 22 percent cite the higher security of cloud providers as the greatest asset in cloud computing. The plus in security is a benefit listed even above higher efficiency and better scalability of IT resources. For example, trusted providers prevent cloud infrastructure attacks by having highly efficient cyber defence centers and regular patch cycles for data encryption. It is important to note that data should not be encrypted in the cloud alone, but also when it is transferred there. Private and, of course, commercial users especially should therefore use devices that do not use plain text during data transfer. This is where the idea of edge computing also comes into play and thus contributes significantly to cloud security.

Safe program interfaces

Interfaces (Application Programming Interfaces, short: APIs) facilitate the connection between in-house IT systems and the cloud. They should not contain any security gaps as the connection to cloud services is publicly accessible. This requires appropriate expertise within the own IT department to protect the in-house interface. Of course, this applies to the cloud provider as well.

Step 4: Four golden rules as the basics for sustainable cloud security

The chances and benefits of cloud usage are predominant. On the other hand, the challenges of using a cloud can be handled. Private households and particularly companies can actively and effectively protect themselves against possible risks. See for yourself how you can employ four golden rules to ensure your network security, regardless of the cloud provider’s services:

1) Data center location and cloud data protection

This is one of the most important safety rules: Those using a cloud must be aware of where their data is stored. Cloud services store information in multiple data centers, some of them overseas. This can lead to potential violations in data protection laws when handling personal data and business-critical information. For this reason, customers of many cloud service providers can now specify where their data should be stored. For example, you can specify if you want to exclusively use a cloud in Germany. Services and applications handled in a “German cloud” are subject to the comparatively strict German data protection guidelines. This provides optimum protection for particularly sensitive personal data and therefore increases your cloud security.

2) Encrypted cloud and encrypted data transfer

Encryption is immensely relevant for cloud security. Encrypted data that is not provided in plain text is difficult to access for third parties and as a consequence, less useful. Companies with particularly high security standards can use encryption hardware (Hardware Security Module, HSM). German companies still have some catching up to do, especially when it comes to encrypting data in public clouds: according to a survey by the antivirus specialist Bitdefender, only one in nine companies encrypts their information. The backlog in the implementation is therefore high.

3) Network safety with local backups

Backup experts advise not to store important data in a cloud computing environment exclusively. Though cloud providers usually create backup copies to avoid a loss of data, it is advisable to regularly create your own backups. Store at leaste one copy at home (off-site backup) or within your own data center.

4) Cloud safety through user authentication

One important security measure is employee authentication. Only authorized people should be allowed to access data and ressources within a cloud environment. Increased protection can be achieved by using multifactor authentication. This not only requires a username and password, but access to cloud services is only confirmed after another verification. For example, this can be a PIN sent to the mobile phone.

Outlook: the future of cloud security

The possibilities of cloud computing are continuously increasing and with them their advantages. At the same time, cloud security requirements are equally on the rise.

As a result, establishing artificial intelligence (AI) systems not only requires appropriate cloud-based computing power for AI services such as machine learning (ML), but also the accordingly secure handling of integrated learning data. This is because some machine learning processes collect user data to enable automatic improvements to the system. Consequently, the user data has to be anonymized, while also respecting user privacy. In such cases, special sensors can help provide accurate readings when collecting relevant data.

Scale possibilities and reduce cloud risks at the same time: sensor-based safety solutions provide ideal protection for cloud and edge-connected devices. Learn more about the Infineon cloud platform and device security applications.

 

Benefits and risks of cloud security at a glance

Benefits:

  • Edge Computing: In edge computing, data is filtered, bundled and anonymized before being transferred to the cloud. This increases cloud security.
  • Multifactor authentication: Users not only provide username and password, but must confirm cloud access through additional verification.
  • Encryption: Encrypted data that does not display plain text, is difficult to read for third parties and therefore less useful.
  • Location selection: Select your service provider location according to current data protection policies as well. German clouds are subject to comparatively strict laws.

 

Risks:

  • Insider access: Attacks performed by own employees or those of providers, so-called insiders.
  • Denial-of-service attacks: How does the provider monitor network traffic and which protective systems do they employ.
  • Safety and compliance standards: Cloud service providers are subject to strict safety and compliance standards, i. e. those of the General Data Protection Regulation (GDPR). Not only commercial, but also private users are obliged to be aware of this. The provider cannot be held responsible