The security of cloud services

In France, the national Information Systems Security agency (ANSSI) noted in 2020 a 255% increase in reports of ransomware attacks that target in particular the health sector and digital service companies. These figures are only the tip of the iceberg. Indeed, a recent Senate report shivers down your spine about the increased risk and costs associated with a cyber attack. In 2020, one in two companies would have suffered a cyberattack, and the global cost would reach $ 6000 billion per year from 2021, two and a half times the GDP of France…

Companies are, in part, reluctant to use cloud providers because they do not fully control the access made by the host or by users. More than half of companies consider the risk of industrial espionage to be serious, let alone their liability in the event of a personal data breach.

How much confidence do you need to have in the cybersecurity of a digital cloud service, and if you are a solution developer yourself, how do you design them right from the start? In the design or use of such services, it is best to anticipate.

Check out Ventio’s tips for improving the security of your cloud services, and turn to an expert if you think your business is on the red line.

 

In particular, IT security best practices for a cloud service should cover the following aspects:

 

Establish an access policy

  • Evaluate the criticality of the data processed and the risk in the event of a breach.
  • Limit access according to needs: the access rights granted must be specific to each user, kept to a minimum and only allow access to the resources necessary for the activity or current processing.
  • Log accesses: it is important to keep track of the various accesses or attempts to access resources and data. This can be very useful in locating the source of possible problems.

 

Set up an authentication procedure

  • Define an authentication procedure in order to verify the identity and access rights of people wishing to access resources.
  • Strengthen the means of authentication (double factor, biometric authentication, etc.)
  • Limit authentication (ban on failure, limitation of attempts, etc.) in order to protect yourself from possible brute force attacks.
  • Use strong passwords and unlock codes and plan for renewal deadlines, especially if there is a suspicion of compromise.
  • Define a password or an authentication policy, bringing together the various measures implemented and inform employees thereof.

 

Put in place measures ensuring the confidentiality of your data

  • Implement encryption at rest for your data when possible. This helps restrict access by third parties, including potential cloud hosts.
  • Set up communication encryption (the https protocol for web services, and SSH for network access and communications to servers).
  • Depending on the criticality of the data, assess the relevance of encrypting all or part of the remote servers.
  • Do not store encrypted data and decryption keys in the same place

 

Check the integrity of your data

  • Use electronic signatures (when installing third-party software, for example)
  • Compute and verify checksums for your files.
  • Set up and keep up-to-date a traceability of data access and modifications.

 

Ensure the availability of your data

  • Set up an automatic and regular backup of data on remote storage isolated from the main network.
  • Set up a data archiving system at the end of processing, on a volume other than that of the other backups.

Whether in the use or in the development of a cloud service, security questions must be asked upstream so as not to have any unpleasant surprises after making significant investments. In the design or use of such services, prevention is better than cure, especially in the processing of sensitive health data.

If you plan to use or develop such services, you can contact us for support. Ventio is approved under the innovation tax credit and can guide you in your design and service choices, while answering your questions about the security that surrounds your data.