Best practices for cloud security

Cloud security encompasses a wide range of controls, technologies, standards and procedures that are used to protect data, infrastructure and applications based in the cloud.

Enterprise cloud computing has created a new need: to secure data and access in the cloud in order to use a range of services that enhance our productive activities.

This cloud-based security is an abstraction of traditional security in on-premise data centres, with the benefit of operational cost savings to maintain facilities and hardware.

Cloud service providers implement cloud security measures to protect data privacy and security, as well as to comply with international standards. Cloud security is a joint effort where the customer and the same provider have similar responsibilities.

There are a lot of good practices for cloud security, however, we will name the most relevant for us:

Establishing a strong service level agreement (SLA)

This practice is fundamental when contracting a Cloud provider, since this agreement establishes the responsibilities of the parties involved, where the levels of control over the services and products to be contracted are set, as well as their security.

Establish the design of the security architecture

Both parties must align and detail the security architecture contract used in the environment to be contracted. It is necessary to make sure that the provider provides the minimum conditions such as a firewall, antivirus, anti DDos protection, among others.

Request advanced perimeter protection

Perimeter security plays an important role in safeguarding information, so we recommend requesting advanced security services:

A cloud-based email solution should have the following

  • Antivirus.
  • AntiSpam.
  • Control of information leaks.
  • Possibility of creating specific rules for blocking, including attachments.
  • Email monitoring.

A cloud application solution should have the following:

  • Intrusion detection tools
  • Application Firewall (WAF)
  • New Generation Firewall (NGFW)
  • Attack mitigation tools for DDoS
  • Registry Correlation
  • Content Delivery Network (CDN)

Enabling Ethical Hacking

Properly planned vulnerability analysis and ethical correction for the cloud should be allowed. This type of analysis should be done by a vendor-outsourced company that the company considers reliable.

Why use cloud security?

Greater scalability

The ability to extend or reduce security features in the cloud is a great advantage of adopting this technology that allows it to accommodate business needs at a higher speed, reducing costs and improving performance.

Cost savings in advance

It is a reality that cloud-based security is less expensive than On-premise, because in the first case, #TelcoCloud services are being rented. On the contrary, in the second case it is necessary for companies to build, buy, install, configure and maintain their own security equipment in their data centers.

Lower permanent costs

With in-house data centers, companies must pay for security resources whether they want to or not. On the other hand, with a #TelcoCloud you only pay for the security that you actually use, saving unnecessary expenses in amortizing the equipment that is not used much.

Always updated

As a telecommunications company that is always looking to provide secure solutions, we must be very alert to updates to the advanced security systems we use. And not only that, we also keep our human resources in constant updating hand in hand with our security partners to provide a state-of-the-art service in all aspects.

Who trusts the security in the cloud?

No company is too big or too small to use the possibilities offered by the cloud, and one of them is information security, as in the case of

Large companies: Netflix is an Internet entertainment giant, with a robust platform, is one of the pioneers in relying on Amazon Web Services (AWS) Cloud services, their security needs are managed by providers and this allows them to focus more on business, becoming one of the most powerful streaming platforms today.

Governments: Such is the level of security in the cloud that even some government departments such as NASA handle highly confidential data in the cloud. The cloud allows them to maintain compliance requirements without worrying about anything.

Startups: Cloud environments are the favourite of startups, as they allow for an elasticity of business requirements, allowing needs to scale up as the organisation grows.

Banking and finance: This sector practically depends on IT systems to work, so the cloud is gaining ground in different processes such as

  • Payments by card or through mobile devices
  • Marketing and customer relations
  • Core Banking
  • Human Resources
  • Information Management
  • Storage