Access control is paramount for cloud security

1 December 2019 Access Control & Identity Management

Companies are increasingly shifting IT services and applications to the cloud to be readily available to employees, empowering their productivity from wherever they are and from any device. Moving critical business information to the cloud does come with security challenges, with unauthorised access topping the list.

To protect data in the cloud, companies need to have appropriate measures in place to manage and control who has access, based on their credentials. This is according to Charl Ueckermann, CEO at AVeS Cyber Security.

“Before the cloud, everything was hosted on physical servers in your data centre at your premises. If someone wanted access to your data, they had to overcome several security obstacles along the way. A person needed physical access to your server room, to bypass a firewall or intrusion prevention services installed on the servers, and to outwit any other security controls blocking his/her way into the organisation’s databases.

“There is a misperception that if the cloud is secure, measures to control access like this are not necessary, as the data is in a ‘safe place’, so it must be safe. This isn’t necessarily true. The same level of vigilance is required to control access to data in the cloud than what is necessary with data hosted on site. It is also essential to control and manage what different levels of employees can do with that data. Lack of access control, as well as the misuse of employee credentials, means data can be accessed by people who are not allowed to see it,” says Ueckermann.

He explains that companies operate in a highly regulated environment and are obligated to protect their information. To comply with industry or governmental regulations, they should protect their data and carefully control who has access to it.

“Companies cannot rely on usernames and passwords alone to effectively control access to the cloud, as 80% of breaches in the cloud are due to weak passwords[1]. Multi-factor authentication to access cloud services should be non-negotiable. For example, when you use Microsoft’s Authenticator on your smartphone, there are four layers of security. These are: where you are, based on the geographic location from where you are logging in; what you know, being your username and password; what you have, namely your mobile device in your hand; and who you are, which would be your biometric code to access your phone.

“Similarly, you ideally want at least three ways to authenticate your employees before they can access company resources in the cloud. Besides, there should be clearly defined containers to segregate who has access to what information once they have been authenticated. Employees should be granted access only to the information they require to do their work. Authorisation measures should also be in place to ensure that information cannot be downloaded by or shared with people who don’t have permission.


Charl Ueckermann.

“Monitoring tools can also help to pick up on abnormal behaviours. For instance, geolocation control would detect unusual behaviours such as a login by an employee in Pretoria and five minutes later, a login in Germany by someone using the same login details. Monitoring tools will also detect mass downloads, mass deletes and any other activities that are outside the norm,” Ueckermann recommends.

He stresses that employee education should form part of any organisation’s cloud security strategy.

“People tend to trust too easily and not verify enough when it comes to IT security threats. They open emails, click on links, share information, download information and share their passwords without understanding the potential consequences. For a cloud security strategy to succeed, it is vital that employees understand the risks, how their actions can make data vulnerable, and what they can do to keep data safe.”

Ueckermann concludes with these three tips:

• Implement appropriate governance processes and policies to formalise and govern how organisations manage their data security in the cloud.

• Deploy effective technologies that are specific for the cloud to enable identity management and control access to data.

• Relentlessly continue with user education and awareness to make your employees part of the solution rather than a vulnerability.

Reference: [1] Martins, A. (2019, 02 27) – ‘Poor Access Management Leads to Majority of IT Hacks, Study Finds’. Retrieved from https://www.businessnewsdaily.com/11310-cyberattacks-poor-access-management.html


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

New State of Physical Access Control Report from HID
HID Global Editor's Choice Access Control & Identity Management News & Events
HID released the 2024 State of Physical Access Control Report, identifying five key trends shaping access control's future and painting a picture of an industry that has been undergoing considerable transformation.

Read more...
Smart intercoms are transforming access control
Access Control & Identity Management Products & Solutions
Smart intercoms have emerged as a pivotal tool in modern access control. They provide a seamless and secure way to manage entry points without the need for traditional security guards to validate visitors before granting them access.

Read more...
Easy, secure access for student apartments
Paxton Access Control & Identity Management Surveillance
Enhancing Security and Convenience at Beau Vie II Student Accommodation, a student apartment block located at Banghoek Road, Stellenbosch, with Paxton's access control and video management solution

Read more...
Invixium acquires Triax Technologies
News & Events Access Control & Identity Management
Invixium has announced it has acquired Triax Technologies to expand its biometric solutions with AI-based RTLS (Real-Time Location Systems) offering for improved safety and productivity at industrial sites and critical infrastructure.

Read more...
ControliD's iDFace receives ICASA certification
Impro Technologies News & Events Access Control & Identity Management
The introduction of Control iD's iDFace facial biometric reader, backed by mandatory ICASA certification, underscores the commitment to quality, compliance, and innovation.

Read more...
The future of workplace access
HID Global Access Control & Identity Management
Mobile credentials are considerably more secure than physical access control, because they eliminate the need for physical cards or badges, support multiple security protocols, and add layers of protection on top of basic card encryption.

Read more...
Integrated, mobile access control
SA Technologies Entry Pro Technews Publishing Access Control & Identity Management
SMART Security Solutions spoke to SA Technologies to learn more about what is happening in the estate access world and what the company offers the residential estate market.

Read more...
Bespoke access for prime office space
Paxton Access Control & Identity Management Residential Estate (Industry)
Nicol Corner is home to a six-star fitness club, prime office space, and an award-winning rooftop restaurant. It is also the first building in South Africa to have its glass façade fully incorporate fritted glazing, saving 35% on energy consumption.

Read more...
Next-generation facial recognition access control system
Enkulu Technologies Products & Solutions Access Control & Identity Management Residential Estate (Industry)
With a modern and innovative design, iDFace is the ideal device for monitoring and controlling people entering and exiting a building using facial recognition technology, including liveness detection, for enhanced security.

Read more...
Long-distance vehicle identification
Products & Solutions Access Control & Identity Management Residential Estate (Industry)
The STid SPECTRE reader can identify vehicles up to 14 metres away, across four traffic lanes, ensuring secure access to an estate without disrupting the traffic flow.

Read more...