Protecting data in the cloud can be similar to protecting data within a traditional data center. Authentication and identity, access control, encryption, secure deletion, integrity checking, and data masking are all data protection methods that have applicability in cloud computing. This section will briefly review these methods and will note anything that is particularly unique to when these are deployed in a cloud.
Authentication and Identity Maintaining confidentiality, integrity, and availability for data security is a function of the correct application and configuration of familiar network, system, and application security mechanisms at various levels in the cloud infrastructure. Among these mechanisms are a broad range of components that implement authentication and access control. Authentication of users and even of communicating systems is performed by various means, but underlying each of these is cryptography.
Authentication of users takes several forms, but all are based on a combination of authentication factors : something an individual knows (such as a password), something they possess (such as a security token). Single factor authentication is based on only one authentication factor.
One problem with using traditional identity approaches in a cloud environment is faced when the enterprise uses multiple CSPs. In such a use case, synchronizing identity information with the enterprise is not scalable. Another set of problems arises with traditional identity approaches when migrating infrastructure toward a cloud-based solution.
Access control mechanisms are a key means by which we maintain a complex IT environment that reliably supports separation and integrity of different levels or categories of information belonging to multiple parties. But access controls do not stand on their own. they are supported by many other security capabilities.access control is dependent on an identity management capability that meets the needs for the implementation.
How to preserve data integrity in the cloud A crucial component of cloud data security is data integrity — preventing unauthorized modification or deletion, and ensuring that data remains as it was when originally uploaded. The top risks for cloud data integrity include:
There are a variety of methodologies that help ensure data integrity in cloud storage, including provable data possession (PDP) and high-availability and integrity layer (HAIL). Many cloud security management solutions constantly compare the current state of cloud data to the last known good data state and notify admins of any mismatch.
Access control and the least privilege model are also important to ensuring data integrity. Virtual storage solutions pose risk due to file sharing among untrusted tenants. Therefore, it is important to implement a strict data access control before migrating sensitive data to the cloud. Another important best practice is regular activity monitoring of user activity, failed access attempts, modifications to files, and unusual attempts to gain access to sensitive company data.
How to ensure data confidentiality in the cloud
Ensuring data confidentiality is critical for both maintaining trust and meeting compliance requirements. The biggest threat to data confidentiality is the potential for unauthorized access to sensitive data. There are two approaches for dealing with this risk, which can be used individually or together: Discover and categorize your data. To ensure that sensitive data is stored only in protected locations and is accessible only by authorized users, you need to know which of your data is sensitive and where it resides. Knowing exactly what data needs protection will help you set priorities and apply different security controls based on classification results.