The growing number of attacks could threaten your cloud deployments. An approach of 'find, respond, and recover' can better protect your systems. Credit: Andrey Popov / Getty Images Ransomware is making the news more and more, and I suspect this will continue to happen for the next few years at least. Attackers mostly exploit neglect and a lack of expertise, and it’s a sure bet that their sights will turn to the cloud in time. One of the reasons we’re not seeing more attacks within public clouds is that they are well maintained and updated and have much better security than their on-premises counterparts. However, as most security experts will tell you, nothing is 100% secure, and cloud security still has some evolving to do before it’s close to optimized. But we can’t wait for cloud security to become perfect. The quest today is to find the best practices to prevent ransomware and other attacks on cloud-based systems. It comes down to find, respond, and recover. Find. Security monitoring is the best defense against ransomware. This includes detecting attack attempts as well as monitoring other ways ransomware can get into your cloud-based systems, such as phishing emails. Finding should be proactive. Leverage your cloud provider’s native security systems to not only set up defenses, but to actively monitor all systems by looking for things such as failed log-in attempts, CPU and I/O saturation, and even suspicious behavior by authorized users. Once a threat is detected, respond. Respond. The response should be automated. If you’re sending texts or emails to security admins, it’s likely too late. Automated systems can lock out certain suspect IP addresses and automatically kill processes that are behaving suspiciously. Other actions could include forcing password changes to accounts to prevent cloud account takeover based on monitored activity. Even initiating backups in case the attack is successful, to be prepared to move quickly to recovery. There is a human element to responding, including activating a well-trained response team to follow a set of preplanned processes. This should include communicating with others interacting with the cloud-based systems, such as customers and suppliers, as to their risks and courses of action. Recover. Ransomware is so dangerous because there is no way to recover to a former state; this is why victims pay ransoms. You need to have some way to recover to a former state, including all data and processes needed to support the business. Some businesses may be okay with losing an hour or so of data. Others need an active/active approach where there is no data loss and the end users may not even know that the switch to backed-up data occurred. Again, automated backup and recovery systems, either native or third party, are the best way to go here. They need to be part of the automated response processes and kept in separate security domains so they are not compromised at the same time as the primary systems. This is simpler to explain than to deploy. However, as more enterprises move to the cloud, the ransomware attacks will follow. Setting up security systems and processes slows down migration and is a huge cost and hassle, but using the public clouds means taking your security game to the next level. Nobody wants to be a victim. Related content analysis Generative AI won’t fix cloud migration You’ve probably heard how generative AI will solve all cloud migration problems. It’s not that simple. Generative AI could actually make it harder and more costly. By David Linthicum Jul 12, 2024 5 mins Generative AI Artificial Intelligence Cloud Computing analysis All the brilliance of AI on minimalist platforms Buy all the processing and storage you can or go with a minimum viable platform? AI developers and designers are dividing into two camps. By David Linthicum Jul 09, 2024 5 mins Generative AI Cloud Architecture Artificial Intelligence analysis The next 10 years for cloud computing Despite AI's explosive growth, the industry still needs to face facts that customers are unhappy about costs and vendor lock-in. By David Linthicum Jul 05, 2024 5 mins Amazon Web Services Google Cloud Platform Microsoft Azure analysis Serverless cloud technology fades away Serverless was a big deal for a hot minute, but now it seems old-fashioned, even though its basic elements, agility and scalability, are still relevant. By David Linthicum Jul 02, 2024 4 mins Serverless Computing Cloud Computing Software Development Resources Videos