What to do if there's a breach in your Public Cloud?
In light of the recent cyber-attacks, security of Public Cloud has been questioned time and again for its reliability. In other words, CoreIT finds Cloud to be hack-able, though the chances of that happening are very rare. But that doesn’t give the leeway for neglecting security or putting it on the back burner for enterprises.
Therefore, CoreIT has complied here a few tips to help enterprises cope a hack or cyber-attack of Public Cloud:
Contact your provider right away: This can be the first step and can automatically lock down many instances in Cloud. The automated procedures can at times help to locate and trace the source of attack.
Quickly shutdown maintenance instances: On the enterprise level, shutting major operations and maintenance thus preventing the hacker to gain further access.
Review all security opportunities and tools: Using the incident to review to find the actual failure point can help to review and review steps for security.
Convey the breach info to affected people: If the breach involves the comprising of sensitive data of people, it is always ethical to inform people about the breach along with the regulatory authority for further process and mitigation activities
What not to do when a Public Cloud is hacked
As important as it may be follow the above protocols in Cloud, there are certain steps that must not be taken when a Public cloud is breached:
Re-hosting decisions: Re hosting is not always a solution. Human error is always a part of the breach and blaming it on the provider and playing the blame game will not help in the long run. Plus such a move may prove costly too.
Never initiate a counter attack on the hacker: To retaliate with a counter attack on a hacker may prove fatal as it can escalate the situation to worse levels. Simply shutting down the systems and removing IP addresses can provide some time to figure out the cause of breach