Secure in the Cloud!
How to seamlessly integrate cloud services into your corporate network
… without compromising on transparency and security!
With the growing range of cloud services, the issue of security is increasingly coming into focus. Public cloud vendors generally only protect their own infrastructure against attacks and only take responsibility for the overall security of the data center, the cloud platform and the network infrastructure. According to the principle of shared responsibility, the customer is responsible for the data stored in the public cloud.
Using multiple cloud platforms makes it increasingly difficult to achieve transparency and efficient security. As your company provides different security solutions for each cloud platform, the risk of security vulnerabilities, complexity, and compliance monitoring problems increase.
Security requirements for the use of cloud services
An effective cloud security strategy is based on the following components:
- Monitoring of all security incidents of the cloud used
Use the mechanisms or sources of information made available by the respective cloud provider and automatically integrate them into your existing monitoring. - Risk management for all cloudsDepending on the cloud provider, consider what types of data are to be stored and processed in the appropriate clouds. In particular, the commitments of the providers in terms of physical location are crucial here.
- Consistent compliance with security policies throughout the entire network
Raise the awareness of your company’s employees and inform users that the cloud is not part of the internal network, but a platform that is protected, but still partly available on the Internet and accessible to the public. - Compliance with legal regulationsWhen deciding which data to store and process in the cloud, legal regulations such as the GDPR as well as ISO certifications are relevant.
- Uniform user and action-based authentification
When choosing cloud providers, make sure they can integrate in your company’s existing authentification mechanisms.
Where dedicated network connections reach their limits and managed VPN connections offer more security
For a secure connection from the corporate network to the public cloud, the leading public cloud providers AWS and Azure provide a service that establishes a dedicated network connection to the respective public cloud. This service is suitable for connecting a central location to the respective cloud provider. However, when connecting globally networked and fully meshed branches, the service reaches its limits.
Therefore, for reasons of security and flexibility, it is advisable to establish managed VPN connections to the cloud gateway in certain regions to provide services centrally.
In this case, a virtual firewall in a public cloud can be set up as a VPN destination to connect your locations in the respective region and to ensure that the corresponding public cloud services can be used via this secure connection.
This ensures seamless integration of cloud services into your corporate network – without compromising on transparency and security!