Data Encryption in the cloud
- A cloud environment should support data encryption for data moving both to and from the cloud.
- Check with your cloud service provider to see what encryption policies they offer.
Implement Endpoint Security
- All users need to secure their devices with strong passwords to prevent malicious users from accessing
- using VPNs when accessing cloud accounts via a public Wi-Fi network.
- all devices should contain malware scanning tools to scan USB sticks or hard drives before they connect to a corporate network
Managing access control
- Provide Access control to users
- Assign specific rights and access policies to different users; with this, low-level cloud users won’t have the same access rights as high-level security administrators
Monitor and prevent
- monitor for unexpected behavioral changes in regards to a user’s interaction with cloud data and applications.
- Implement any SIEM tool for monitoring and preventing the Suspicious activity
Implement intrusion detection and prevention systems
- organization can consider implementing artificially intelligent prevention and detection systems
- For Large enterprises, Trend Micro(IDS/IPS) can be used. This has hardware and virtual offering
- Darktrace Enterprise Immune System is machine learning and AI technology for cyber defense. It iteratively learns a unique “pattern of life” for every device and user on a network, and correlates these insights to spot emerging threats that would otherwise go unnoticed