Network & Data Isolation: Can It Keep Your Company’s Cloud Secure?
Cloud security remains a particular concern in 2016, with 65 percent of companies expressing security concerns about migrating to the cloud and 40 percent worrying about loss of physical control over cloud data, according to the Netwrix 2015 Cloud Security Survey. To keep cloud data safe, many companies are using a security strategy known as network and data isolation. Here are some security isolation strategies you can use to keep your cloud data safe.
The Need for Isolation
Imagine a Wi-Fi network centered around a wireless router. With a standard router network, every device that connects to the network gets treated as part of the same network, enabling every device on the network to communicate with every other device. This can become a security problem if one device on the network is infected or operated by a malicious user. A virus on one device could conceivably spread to every other device on the network, or a hacker could access the usernames and passwords of everyone on the network.
The same problem can arise on a cloud network. For instance, imagine if a hacker could spread a virus to every customer on Amazon or steal data from every customer’s account simply by accessing one account through Amazon’s website.
Isolating Security Zones
To prevent this problem, one technique security experts have developed is dividing a network into isolated security zones. A security zone is a virtual area where all users share a common security risk. Security zones are divided so that if a zone gets compromised, the damage is isolated to that zone and cannot spread to other zones. This can be done by using physical means such as firewalls or by using advanced software to create virtual network segmentation. This allows network zones exposed to the Internet to be separated from non-Internet zones. It also allows valuable information such as customer data to be isolated in a secure zone.
Routers typically have isolation options that let you lock down your network, so devices can’t communicate with other devices on the network or access sensitive zones. Cloud networks using Microsoft Windows operating systems give administrators the capability of logically isolating networks as well as domains.
To achieve isolation on a public cloud network that serves multiple customers, the provider must isolate customers within zones where they cannot intercept other customers’ data or metadata. The security of a provider’s network depends on the provider following proper security procedures, so it’s important to choose a provider that can demonstrate third-party certification and audits. For instance, online storage provider Mozy has ISO 27001 certification and has completed the SSAE 16 Type 2 audit.
Applying Security Isolation
You can apply the principle of security zone isolation in multiple ways to protect your business. Within your company, you can isolate employee workstations and servers from each other so an infection, hacker or unauthorized user in one zone can’t access another. Most workstations and servers in your company don’t need to talk to each other to perform their daily operations, and preventing unnecessary internal communication can keep problems on your network from spreading. This can be achieved by adjusting router settings, logically segmenting networks, or creating subaccounts with limited access settings.
You can also use zone isolation to secure your interactions with contractors and customers. You can allow contractors such as freelancers limited access to a particular zone without giving them access to other areas of your network. Likewise, customer accounts can be limited to the zone that individual should be able to access. Finally, any areas of your network facing the public Internet should be zoned off from your internal intranet.