Got it

Industry best practices for avoiding Cloud hijacking?

Created: Dec 3, 2021 14:48:51Latest reply: Dec 4, 2021 12:06:04 406 7 0 0 0
  Rewarded HiCoins: 0 (problem resolved)

Hello @feifei_xin

Can you please share Industry best practices for avoiding Cloud  hijacking?

  • x
  • convention:

Featured Answers
faysalji
Moderator Author Created Dec 4, 2021 07:58:59

Tips to prevent account hijacking attacks in the cloud

The best defense for any cloud is a multi-layered approach to security. This starts with the human factor, with top-down awareness through the business of the risks, training about phishing and scams.
1. Close collaboration between CIOs and CISOs is key

When researching various cloud providers or replacing ones that don’t provide adequate security protection, it’s vital that CIOs collaborate closely with CISOs. That goes for services, compute and storage, ensuring they meet compliance and governance standards, and the other complexities of a modern cloud.
2. Restrict access to cloud services to authorized users

The IT team needs to ensure that each service is secure, that only authorized users have access to services, and every credential and password is secured. Most cloud services require additional layers of protection like cloud access security brokers (CASBs), next-gen firewalls and other tools.
3. Embrace cloud tokenization

When it comes to protecting regulated data like credit card details, personally identifiable information (PII) and government or health codes, many firms are adopting cloud tokenization to support or replace encryption tools. Another step forward is in zero trust solutions that add verification layers to ensure only legitimate access is granted to valid users.
4. A cloud disaster recovery plan is a must

Firms also need to have adequate disaster recovery procedures in place that are regularly tested to work as the cloud footprint grows, big data creates pressure on the business to adopt more automation and fresh risks are created.

There’s no one size fits all solution to cloud security. Instead, each CISO, IT security or cloud leader and team will have to build their own approach that meets the business needs, while providing the most flexible and rigorous layers of defense. And every time a new cloud service is adopted, they’ll need to ensure it’s integrated into the security scheme and doesn’t create any new weak points.

Cloud security is a never-ending battle, with new threats appearing, employees finding creative ways to work that may create a risk, the creation of shadow IT being one of the most critical, and criminals exploiting new avenues of attack. Increasingly automated protection services will help IT create these defenses, but CISOs will need to fight for the budget to adopt them, and ensure that manual oversight is alert to each and every issue, ready to react if needed.

Source:https://www.insightsforprofessionals.com/it/cloud/avoid-cloud-account-hijacking-attacks
View more
  • x
  • convention:

hpl_Panda
hpl_Panda Created Dec 4, 2021 11:15:02 (0) (0)
 
user_4495775
user_4495775 Created Dec 5, 2021 06:07:53 (0) (0)
 
All Answers
stephen.xu
stephen.xu Admin Created Dec 3, 2021 14:49:26

hi, dear

Please kindly wait for a minute.
View more
  • x
  • convention:

feifei_xin
feifei_xin Created Dec 3, 2021 14:56:09

hello, this can check with the FusionGaurd service.
View more
  • x
  • convention:

hpl_Panda
hpl_Panda Created Dec 4, 2021 11:15:08 (0) (0)
 
faysalji
faysalji Moderator Author Created Dec 4, 2021 07:58:59

Tips to prevent account hijacking attacks in the cloud

The best defense for any cloud is a multi-layered approach to security. This starts with the human factor, with top-down awareness through the business of the risks, training about phishing and scams.
1. Close collaboration between CIOs and CISOs is key

When researching various cloud providers or replacing ones that don’t provide adequate security protection, it’s vital that CIOs collaborate closely with CISOs. That goes for services, compute and storage, ensuring they meet compliance and governance standards, and the other complexities of a modern cloud.
2. Restrict access to cloud services to authorized users

The IT team needs to ensure that each service is secure, that only authorized users have access to services, and every credential and password is secured. Most cloud services require additional layers of protection like cloud access security brokers (CASBs), next-gen firewalls and other tools.
3. Embrace cloud tokenization

When it comes to protecting regulated data like credit card details, personally identifiable information (PII) and government or health codes, many firms are adopting cloud tokenization to support or replace encryption tools. Another step forward is in zero trust solutions that add verification layers to ensure only legitimate access is granted to valid users.
4. A cloud disaster recovery plan is a must

Firms also need to have adequate disaster recovery procedures in place that are regularly tested to work as the cloud footprint grows, big data creates pressure on the business to adopt more automation and fresh risks are created.

There’s no one size fits all solution to cloud security. Instead, each CISO, IT security or cloud leader and team will have to build their own approach that meets the business needs, while providing the most flexible and rigorous layers of defense. And every time a new cloud service is adopted, they’ll need to ensure it’s integrated into the security scheme and doesn’t create any new weak points.

Cloud security is a never-ending battle, with new threats appearing, employees finding creative ways to work that may create a risk, the creation of shadow IT being one of the most critical, and criminals exploiting new avenues of attack. Increasingly automated protection services will help IT create these defenses, but CISOs will need to fight for the budget to adopt them, and ensure that manual oversight is alert to each and every issue, ready to react if needed.

Source:https://www.insightsforprofessionals.com/it/cloud/avoid-cloud-account-hijacking-attacks
View more
  • x
  • convention:

hpl_Panda
hpl_Panda Created Dec 4, 2021 11:15:02 (0) (0)
 
user_4495775
user_4495775 Created Dec 5, 2021 06:07:53 (0) (0)
 
Unicef
Unicef MVE Created Dec 4, 2021 12:06:04

Good answer
View more
  • x
  • convention:

Comment

You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.
Information Protection Guide
Thanks for using Huawei Enterprise Support Community! We will help you learn how we collect, use, store and share your personal information and the rights you have in accordance with Privacy Policy and User Agreement.