WHAT YOU’LL FIND IN THIS ARTICLE:
– Encryption Basics – what it is, why it matters, and how to protect both your data and your keys.
– Access Management – how to strengthen logins with strong passwords, MFA, and least privilege.
– Cloud Security Foundations – practical first steps to secure your environment and reduce risks.
Before diving into advanced configurations, make sure you’ve covered the basics of identity, security, and encryption.
This is meant to be an introductory article on the subject and our goal here is to deliver simple, high-impact steps that can help you drastically reduce the attack surface of your cloud environment!
Let’s begin by talking about encryption!
Encryption is the process of converting readable data (plaintext) into unreadable text (ciphertext), so only authorized people or processes can access it. It works by using cryptographic keys, which can vary in type, size, and algorithmic complexity — such as symmetric or asymmetric cryptography, with the latter being more commonly used today. There are also many algorithm “flavors” like RSA, ECC, and ECDSA.
By encrypting data, you ensure that even if unauthorized individuals or groups get hold of it, it remains unreadable: all they are left with is a block of gibberish. For the same reason, it is equally important to store your private keys securely, so that malicious actors cannot decrypt your data. That’s why there’s such a strong focus on both encrypting the data and securing the keys: protecting your information at both levels.
Data encryption matters because it protects people’s privacy, whether the data is in transit or stored on someone else’s servers (a.k.a. the cloud), and in doing so helps secure it against attackers and other cybersecurity threats.
Depending on the industry you work in, there are regulations that demand and enforce this, such as HIPAA or PCI-DSS.
Encryption performs four important functions here:
Most cloud providers offer encryption for data at rest and in transit. Here are some examples of offerings from today’s major cloud providers:
Beware that not every service offers this without associated costs. A good example is AWS KMS, which bills according to the number of API calls made to encrypt or decrypt data inside services.
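The two-level model described above (encrypt the data, then protect the key) is what KMS-style envelope encryption implements, and it is also why the KMS call count stays low: only the small per-object data key is sent to the KMS for wrapping and unwrapping, never the data itself. The Go program below is an added illustration, not code from this article or from any cloud provider’s SDK; it simulates the KMS-held key-encryption key with a local AES-256-GCM key and uses constructed sample data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// mustGCM builds AES-256-GCM for a 32-byte key; any other length is a programming error.
func mustGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	g, _ := cipher.NewGCM(block) // cannot fail: AES always has a 16-byte block
	return g
}
// seal returns nonce||ciphertext||tag under key, using a fresh random 96-bit nonce.
func seal(key, plaintext []byte) []byte {
	nonce := make([]byte, 12)
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // a failing CSPRNG must stop us, never yield a weak nonce
	}
	return mustGCM(key).Seal(nonce, nonce, plaintext, nil)
}
// unseal reverses seal; it fails on a wrong key or any tampering with the data.
func unseal(key, sealed []byte) ([]byte, error) {
	if len(sealed) < 12 {
		return nil, errors.New("ciphertext too short")
	}
	return mustGCM(key).Open(nil, sealed[:12], sealed[12:], nil)
}
// EnvelopeEncrypt generates a fresh data key (DEK) per object, encrypts the object under it
// and wraps the DEK under the key-encryption key (KEK), which itself never leaves the KMS.
func EnvelopeEncrypt(kek, plaintext []byte) (wrappedDEK, ciphertext []byte) {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		panic(err)
	}
	return seal(kek, dek), seal(dek, plaintext)
}
// EnvelopeDecrypt unwraps the DEK with the KEK (the one KMS call), then decrypts locally.
func EnvelopeDecrypt(kek, wrappedDEK, ciphertext []byte) ([]byte, error) {
	dek, err := unseal(kek, wrappedDEK)
	if err != nil {
		return nil, err
	}
	return unseal(dek, ciphertext)
}
```

In a real deployment the two `seal(kek, …)`/`unseal(kek, …)` calls are replaced by the provider’s key-wrapping API, so the KEK material is never present on your hosts.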
To prevent common issues such as credential exposure or compromised access, you need rules that enforce security in both the short and the long term, in effect putting guardrails in place. The focus here is on the people who regularly access the environment: developers, admins, analysts, contractors, or even business users from the company.
Begin with these and then expand later to more complex solutions such as SSO (Single Sign-On).
Remember the password I suggested before? There are a lot of tools online that help us evaluate how hard a password is to break. In this example, I used the University of Illinois password strength test; the result is shown below.
ATTENTION: Do not go around putting your real passwords into websites on the internet!!
We are here to make your life easier, so here are some quick shortcuts to the configurations mentioned above:
Once your foundation is in place, and if you have time and knowledge, you can go SSO (Single Sign-On) in your cloud provider and have a federation in place with your Identity Provider (IdP).
This allows users to use a single user account to authenticate across all environments. Of course, you have to create different profiles (remember that not everyone who is a power user in development should be one in production). Most cloud providers support external identity providers like Azure AD, Google Workspace, Okta, and others, through SAML or OIDC protocols.
This comes with the bonus of improving your end-user experience and avoiding a mountain of tickets asking for password changes or resets (yes, this can happen).
Reader: But we have Azure and use Google as our IDP. There is no way we can set this up!
Yes, there actually is!
You can certainly make this work. Here are some examples:
There are also other solutions such as Okta, Duo, Auth0 and many others that can help you achieve this.
By focusing on encryption, strong identity controls, and establishing proper access policies, you’re already covering a lot of weak points attackers love to exploit.
These are foundational steps. It takes time and experience to build them properly in the long run, and when done right, they can drastically reduce your risk and give you a reliable platform to grow from.
If you’ve made it this far, thank you for investing your time in strengthening your security posture. We hope this guide helps you get from the starting point to the next point and also helps you understand the basics so you can prepare yourself for the next steps! If you’re eager to learn more about cybersecurity, we’ve got another article you won’t want to miss.
Securing your cloud environment doesn’t have to be overwhelming, and you don’t have to go it alone.
Whether you’re looking to implement best practices, set up SSO and federation, or level up your infrastructure security as your company scales, you can count on us. We work with the right professionals to build, maintain, and elevate your cloud game securely and efficiently.
You can use our online team builder or contact us directly!
Thank you for your time, and have a KWAN day!