
10 Ways to Keep Your Data Secure in the Age of Cloud


[Editor’s note: We asked David Wippich, SVP & CTO of Ingram Micro Cloud and CloudBlue, to comment on recent industry news regarding cybersecurity. What follows are his thoughts on how resellers and service providers can protect themselves from security breaches.]

It seems like every day there’s yet another data breach or security hack in the news. As cloud adoption continues to grow, the security of cloud services is of increasing concern. As the developer of CloudBlue and the leading Cloud Marketplace provider, Ingram Micro takes the security of our customers, employees and their data very seriously. Security is not something you just set up and let run; it’s something you do every day and every night, and the first thing you think about every morning.

While no systems or processes are perfect, there are key actions you can take to minimize the risk to your data and environment. Here are 10 things we do to keep Ingram Micro Cloud Marketplace and the CloudBlue digital commercial platform secure that can help with your cybersecurity efforts as well:

1. Go deeper on security
Creating multiple layers of defense has been a key principle in security, whether you’re securing a medieval castle, traditional data center or cloud-hosted data center. This involves layering security controls from your edge network (or outer castle wall) to your internal databases (or keep). The security controls vary from implementation to implementation using edge firewalls, proxies, web application firewalls or moats.

2. Build network segmentation and firewalls
Good security starts with choosing your network wisely. Just like with castles, a location impacts security as much as any other security defense you might consider. In this case, your internal systems or services should sit on non-routable IP blocks wherever feasible.

As we move to cloud services, this isn’t always possible given the limited control associated with software-as-a-service (SaaS) and platform-as-a-service (PaaS) services, making the task more challenging. However, some cloud providers now offer an option to have your SaaS services hosted on internal, private networks. Be sure to thoroughly evaluate these options.

Similarly, by isolating operating environments, you can customize your defenses to the environment and reduce risk to other environments. For example, corporate environments can be isolated from customer environments.

Beyond that, the firewall is typically the first ring in your perimeter defense and something that should be constantly monitored, assessed and reassessed. Proper configuration and placement of all critical servers behind the firewall (even cloud servers) are imperative.

Using cloud provider native tools (such as Azure policies or AWS Config) or third-party infrastructure automation tools, every instance can automatically be provisioned behind the firewall with network rules enforced throughout its lifecycle. After all, your castle’s outer wall will only protect what’s inside if all the gates are closed.

Continuous monitoring of the network will identify any firewall misconfigurations, and services that are exposed on the network must be regularly tested for vulnerabilities. Additionally, IP assignments by cloud service providers for your services can be automatically obtained via APIs and native tools, removing the need to scan large IP blocks for active hosts.
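
An added example (not Ingram Micro or CloudBlue code) of the inventory-driven check described above: it flags ingress rules that admit non-internal sources on unapproved ports and derives the exact public IPs to test, with no block sweep. The inventory is constructed and shaped like AWS EC2 describe-security-groups and describe-instances output; the policy that only port 443 may face the internet is an assumption.

```python
import ipaddress

# Constructed sample inventory (made-up IDs, documentation-range IPs), shaped
# like AWS EC2 describe-security-groups / describe-instances API output.
SECURITY_GROUPS = [
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-legacy", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "198.51.100.0/24"}]}]},
]
INSTANCES = [
    {"InstanceId": "i-web1", "PublicIpAddress": "203.0.113.10",
     "SecurityGroups": [{"GroupId": "sg-web"}]},
    {"InstanceId": "i-db1", "PublicIpAddress": "203.0.113.20",
     "SecurityGroups": [{"GroupId": "sg-db"}]},
    {"InstanceId": "i-batch1", "SecurityGroups": [{"GroupId": "sg-legacy"}]},
]

ALLOWED_PUBLIC_PORTS = {443}  # assumed policy: only HTTPS may face the internet
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(cidr):
    """True when the source range lies entirely inside non-routable RFC 1918 space."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net.version == 4 and any(net.subnet_of(r) for r in RFC1918)

def audit_rules(groups, allowed_ports=ALLOWED_PUBLIC_PORTS):
    """List (group, source, ports) for rules open to non-internal sources on unapproved ports."""
    findings = []
    for g in groups:
        for perm in g["IpPermissions"]:
            # Protocol "-1" means every protocol and port; such rules carry no port fields.
            lo, hi = ((0, 65535) if perm["IpProtocol"] == "-1"
                      else (perm["FromPort"], perm["ToPort"]))
            ports_ok = all(p in allowed_ports for p in range(lo, hi + 1))
            for r in perm.get("IpRanges", []):
                if not ports_ok and not is_internal(r["CidrIp"]):
                    findings.append((g["GroupId"], r["CidrIp"], f"{lo}-{hi}"))
    return findings

def scan_targets(instances, groups):
    """Public IPs behind at least one externally reachable rule: the vulnerability-test list."""
    exposed = {g["GroupId"] for g in groups for perm in g["IpPermissions"]
               for r in perm.get("IpRanges", []) if not is_internal(r["CidrIp"])}
    return sorted(i["PublicIpAddress"] for i in instances
                  if "PublicIpAddress" in i
                  and any(sg["GroupId"] in exposed for sg in i["SecurityGroups"]))

if __name__ == "__main__":
    print(audit_rules(SECURITY_GROUPS))
    print(scan_targets(INSTANCES, SECURITY_GROUPS))
```

Run on a schedule against a fresh inventory export, an empty findings list means the gates are closed as intended, and the target list keeps vulnerability testing limited to addresses you actually hold.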

3. Exercise more control for greater protection
Obviously, access in and out of your perimeter needs to be limited to authorized personnel only. Services also need to continuously authenticate users and other systems on the internal network to protect services from threats that have breached the outer walls. While centralized access control systems simplify governance, using multiple authentication realms and forms of authentication provides additional protection from compromised credentials.

Using tools and services that allow for multiple authentication requirements, without degrading the user experience, is a delicate balance—and one that must be maintained. Considering that phishing attacks are still one of the leading causes of security incidents, having multiple forms of authentication (multi-factor authentication, or MFA) will substantially improve your posture, and it can be implemented within your systems in a way that keeps them easy for users to access and use.

Principles of authentication, authorization and auditing (AAA) must be applied to every network, system and service. Fine-grained privilege management ensures users and systems are only performing the tasks they are authorized to execute, minimizing the chances of an insider threat or breadth of damage from a hijacking attack.

With cloud services, the use of single sign-on or same sign-on services reduces your administrative overhead and dramatically improves overall security. These services also enable you to leverage MFA by building it into your directory services and bring MFA to cloud services, where it’s not supported natively.

4. Secure each and every server and device
The next layer of defense is dependent on security controls applied to your servers, devices or “endpoints.” This includes patching, hardening and regular monitoring of your endpoint controls.

Some of the largest security breaches continue to stem from unpatched software. The move to cloud and serverless technologies can actually make it easier to maintain control over your systems as cloud service providers will automatically take care of this for you as part of their shared responsibility model.

Statistics show that service providers are doing a better job of this than those who self-manage. This is no surprise as cloud service providers often have a head start on patching vulnerabilities on their systems either because they maintain the operating system and database, or because of responsible disclosure programs that tend to give early notice to cloud vendors based on the potential impact to the public at large.

Smart gateways, DDoS protection and web application firewalls are a few of the utilities offered by cloud service providers to protect applications, and secure APIs from network and web attacks. These services come with the latest encryption ciphers, which can be enabled with a click of a button. This ensures compliance while protecting you from yet another SSL vulnerability.

Advanced logic can also be added to API calls in-flight, providing powerful capabilities such as routing, rate-limiting and augmenting the call with additional details to be leveraged by the application downstream.

All servers, public or private, must be continuously monitored and as many servers as possible should sit behind the firewall—including logging servers—to add additional layers of protection. This greatly reduces the chance of a data breach.

5. Test the security of all applications
Regardless of whether your applications use commercial software, open source or are built in-house, their security is paramount to the overall security of your environment. Basically, an application is what’s exposed on the network for user consumption. And as shift-left testing becomes more popular, tools such as static application security testing (SAST) help address security vulnerabilities in the early stages of development.

The automation that comes with these tools allows for frequent testing, enabling developers to identify and resolve bugs. Before the application is made available to the internet, dynamic application security testing (DAST) allows your organization to test applications in their final form.

6. Map out detailed policies and procedures
Well-defined and established policies and procedures will ultimately govern how security is maintained in your organization. Executive leadership needs to set the tone and ensure everyone knows their part and does it. Formal, well-documented and frequently updated processes and procedures give everyone guidance on what they need to do to help keep the organization secure.

7. Conduct regular internal and external audits
No matter how good we are, we still need to check ourselves and use other departments or other companies to validate our defenses. When you’re not in the middle of fighting a war, mock exercises using red team vs. blue team drills can help identify weaknesses in your security posture and allow you to fix vulnerabilities before an actual attack.

In particular, in-house development needs dedicated application security staff to check and challenge the developers, along with their programming and open-source use methodologies.

8. Stay up to date on the latest advances
Keeping up with the latest security trends, standards and technologies helps you learn from others while staying ahead of the curve. Threats and defenses are always evolving in a continuous cat-and-mouse game, so you must vigilantly and continuously update your strategies and tactics to stay secure.

9. Keep every aspect of operations secure
While it’s easy to think of public cloud (such as Azure, AWS or GCP) as a managed hosting service, this is only a small part of the services public clouds offer. Today’s services interact with a variety of other services, including storage, queuing, messaging, machine learning and much more. Think of REST API services offered by Microsoft Office 365, Salesforce or Google App. None of them involve any of the traditional infrastructure and security layers.

To thrive in this new reality, you’ll need to consider how to build cloud-native security into your operations from day one. This includes API-level audits, security tools offered by cloud platforms, and less direct use of infrastructure wherever possible to minimize the attack surface you have to defend.

10. Develop a security-minded culture
The best locks in the world won’t work if the door is left open. This is the one concept that must become part of every company’s culture if they want to keep their data secure. While we’ve provided a number of ways that can help secure your systems, you should also recognize that the largest data breaches are often preceded by the careless actions of users.

Simply walk down the aisle on any airline flight and you’ll see proprietary data splashed across numerous laptop screens. While formal security policies are a must, it’s important to create a culture where every employee takes security personally, such as immediately reporting a stolen laptop or flash drive, and providing a security screen for their laptop to protect valuable or confidential data when they’re out in the world. These simple changes to your culture can help ensure that all the time and money you spend on security isn’t thrown out an unlocked door.

Let’s face it—nothing created by man is perfect. The best we can do is to do our best every day. By following the above guidelines, putting good practices into effect and aggressively maintaining these practices, you can create and manage a more secure environment for your customers, partners and suppliers.

To learn how Ingram Micro can help you improve your cloud security, contact us today at cloud@ingrammicro.com.
