The importance of encrypting your data in the Cloud
When designing and implementing secure solutions, as Security people we always try to ensure that any security components implemented are justifiable, proportionate and help to mitigate an identified risk. An example of this is:
- Identified Risk – The Web Application in AWS could be subject to a Denial of Service (DoS) attack making the service unavailable, which is unacceptable to the Service Owner.
- Risk Mitigation 1 – Implement a Cloud Based Anti-DDoS service to protect the Web Application at the Internet Edge.
- Risk Mitigation 2 – Ensure the Cloud infrastructure is Highly Available by Design and utilises Auto-Scaling Groups and Multi-Availability Zones for redundancy.
Some controls, however, are a given, and when personal data is involved (PII or SPI) encryption is one of them! At Cyber Security Specialists we are big advocates of encrypting everything – whether in transit or at rest – just encrypt everything!
With the explosion of Public Cloud adoption, whether it’s AWS, Azure or Google Cloud, encryption is even more important, and the great thing about the Cloud is that the leading vendors make it so easy for you to implement encryption – and in most cases without impacting performance.
Don’t make the mistake that many of the largest Organisations have made in recent months and store sensitive information in plain text. Just look at Facebook’s latest disaster – between 200 and 600 million passwords were stored in plain text as early as 2012, and were searchable by thousands of Facebook employees. Why these passwords weren’t hashed or encrypted is a mystery – but Facebook is not alone; Twitter had a similar issue last year.
Encryption has always been a key security control and part of a defence in depth strategy, but has had more of a focus in the last 12 months due to the implementation of the GDPR (General Data Protection Regulation).
An important element of encryption is Key Management – making sure the encryption keys used to protect your data are secured. If your workloads are in the Public Cloud then you need to know about the relevant Cloud Platform Key Management Service:
- AWS Key Management Service – https://aws.amazon.com/kms/
- Azure Key Vault – https://azure.microsoft.com/en-gb/services/key-vault/
- GCP Cloud Key Management Service – https://cloud.google.com/kms/
We have designed and assured hundreds of Cloud workloads for Clients in Government, Finance, Technology and Retail. Let us help make sure your Cloud workloads are secure by design and that you are encrypting ALL of the personal data that you are storing and processing.
For more information please contact Cyber Security Specialists on 0161 706 0244 or email email@example.com to speak with a member of the team.
Thank you for reading!