Cloud Security Requirements and Policies

Secure data in the cloud


Keeping data secure in the cloud is not difficult so long as you follow industry best practices. Let's take a look at some of these industry best practices for data security. These include implementing a strong password policy, which ensures all passwords are complex and that they are changed on a regular basis. Grant users only the data access rights and permissions that are absolutely required. For all data that relates to customers, ensure that you audit and monitor access to it and then review the logs often.

To secure data at rest or in transit, you should consider using data encryption. Remember that the more layers of security you put in place, the more difficult it is for your data to be compromised, but each layer that you introduce also increases the complexity and the cost of the solution. Data security can be implemented for data at rest using symmetric or asymmetric encryption, and across your internal LAN and WAN networks by using Virtual Private Networks. For data on the Internet, we can use the Secure Sockets Layer or Transport Layer Security protocols.

All encryption is secure, but there are different levels of how secure. Let's take a look at some of these. One of the easiest encryption models to implement is symmetric encryption. It uses a single key to both encrypt and decrypt files. The key is also known as a secret key or a shared key or private key. Both the sender and receiver must have the secret key, and if the key is exposed then the security is compromised. Now, although relatively weak compared to other encryption methods, symmetric encryption is very fast, secure and easy to set up.

A slower, but more secure and complex, method is asymmetric encryption, which is also known as public key encryption. It uses clever mathematics to create a pair of related encryption keys. One key is used to encrypt the data, and the other key for decryption.

Virtual Private Networks, or VPNs, allow data security to be implemented across the network between your remote sites. These are quite common and can encrypt the data that is sent across public networks such as the Internet. They are most often used by remote workers to access the corporate network.

Secure Sockets Layer, or SSL, is quite old. Developed in 1995, it uses two keys to encrypt data sent across the Internet, a public key and a private key. When SSL is used over the web, the URL starts with HTTPS, which stands for HTTP Secure. The public key is also published in a digital certificate, which is used to confirm the identity of the web server. The Transport Layer Security, or TLS, protocol supersedes SSL and is often referred to as SSL 3.1.

HTTPS can use either SSL or TLS, but TLS is the default protocol, as this is more secure, and provides encrypted communication between the browser and the web server. TLS is usually the default security protocol for most web browsers, with SSL being the generic term that is commonly used.

It is easy to ignore basic security measures. These include technical areas such as the perimeter security of your network and firewall, limiting who has access to create virtual machines, and access to the host servers running hypervisor-based VMs.

Data theft can occur if access to hard drives, storage arrays, and SANs is not tightly controlled. You also need to secure your client and server operating systems, keeping them up to date and only using software that is currently supported. Internal security classes and training for staff are very important, as they minimize risk and ensure that if there is any malicious activity then it is detected quickly and actioned. You need to adopt a configuration and change management policy such as ITIL or IT Service Management, and establish an audit policy to watch over your IT assets. And then review the logs and look for suspicious network activity.

Let's move over to our Google Chrome browser and load the Office 365 default sign-in page. We can see from the top left-hand corner that the site is secure because of the padlock and the HTTPS. If we click the padlock, we see that the connection is secure. Now let's click the three dots menu on the right-hand side, click More Tools, and then Developer Tools. Now click on the Security tab. This will give you the security overview, and the ability to view the certificate.

You'll see at the bottom of the security overview, it refers to the TLS 1.2 protocol, which is an obsolete protocol; we're using 3.1. Let's click the certificate, and we can see the purpose of the certificate is to secure transmission between our web browser and the web server, and this is secured by SSL.

In the next movie, we'll cover how to ensure that your cloud provider is transparent with your data security.


Gain a new or enhanced understanding of cloud principles, service offerings, delivery mechanisms, and security requirements. This course focuses on the objectives for the first two domains of the Microsoft Cloud Fundamentals exam (98-369: Understand the Cloud and Enable Microsoft Cloud Services). IT professionals and those interested in pursuing certification can use this course as an exam preparation resource.

Topics include:

  • Cloud principles and security mechanisms

  • Cloud security requirements and policies

  • Cloud updates and availability

  • Types of cloud services

  • Signing up for cloud services

  • Configuring cloud services

  • Configuring Microsoft Intune
