Implementing the 14 Cloud Security Principles
Understanding and implementing the 14 Cloud Security Principles – Part 1: data in transit
We know that moving to the Cloud is a big step for many businesses and organisations. One of the questions we are asked most often here at etiCloud is: “how secure will our data be if it is stored in the Cloud?” It is a crucial question to ask, since data security is essential to the success of any company.
This is where the ’14 Cloud Security Principles’ come in.
What are the 14 Cloud Security Principles?
The 14 Cloud Security Principles make up a framework that outlines important considerations relating to key cloud security topics such as supply chain security, protection of data in transit and identity & authentication.
Experts at the UK’s National Cyber Security Centre (NCSC) have published specific cloud security guidance on how to configure, deploy and use Cloud services securely. This guidance covers the details and context for each of the 14 Cloud Security Principles that you need to know as a business owner.
As you can imagine, the guidance contains a large amount of information. So we have put together a series of blog posts that take you through the NCSC’s guidance for each of the Principles, one at a time, starting with ‘data in transit protection’.
Data in transit protection
Data in transit covers a) information that flows over a public or untrusted network such as the Internet, and b) information that flows within a private network such as a corporate Local Area Network (LAN). Traffic between your users and a cloud service, between the components of that service, and between that service and other services all counts.
To protect user data transiting networks against tampering and eavesdropping, the NCSC recommends a combination of network protection and encryption. The aim is to deny an attacker the ability both to read the data and to modify it undetected: network protection limits who can intercept the traffic, and encryption with authentication (typically TLS) ensures that anyone who does intercept it can neither read nor alter it.
Goals
For this Cloud Security Principle, the NCSC states that “you should be sufficiently confident that:
• Data in transit is protected between your end user device(s) and the service
• Data in transit is protected internally within the service
• Data in transit is protected between the service and other services (e.g. where APIs* are exposed)”
The NCSC goes on to provide a number of additional notes on approaches to implementing data in transit protection. Its guidance identifies several ‘points of attack’ that should be considered, and covers TLS** protection and Joiners & Leavers scenarios, offering specific recommendations for each.
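To make the “encryption plus authentication” point concrete, here is an added example (our own illustration, not code from the NCSC guidance) showing what a TLS client configuration that actually protects data in transit looks like in Python’s standard `ssl` module, beside the kind of configuration that only appears to. The function names and the wording of the findings are ours; the settings are the real `ssl.SSLContext` attributes. A client that skips certificate verification still encrypts the traffic, but it will happily encrypt it to an attacker sitting between the user and the service, which is exactly the eavesdropping and tampering the principle is meant to prevent.

```python
"""
Added example (not from the NCSC guidance or etiCloud): a weak and a hardened
TLS client context, plus a small audit that reports what the weak one gets wrong.
Runs offline; no connection is made.
"""
import ssl


def weak_context() -> ssl.SSLContext:
    """A configuration that encrypts but does not authenticate the service.

    Disabling certificate and hostname checks means any on-path attacker can
    present their own certificate and read or modify the 'protected' traffic.
    (check_hostname must be cleared before verify_mode, or ssl raises ValueError.)
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    # Allow whatever the local OpenSSL build supports, including legacy versions.
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def hardened_context() -> ssl.SSLContext:
    """A configuration that gives both confidentiality and authentication.

    create_default_context() loads the system CA store, requires a valid
    certificate chain and checks the hostname against it. We additionally
    pin the floor to TLS 1.2 (the NCSC's recommended minimum) explicitly,
    so the setting does not depend on the Python version's defaults.
    """
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list[str]:
    """Return a list of findings; an empty list means the context is acceptable."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate not verified")
    if not ctx.check_hostname:
        findings.append("hostname not checked against certificate")
    # TLSVersion is an IntEnum, so versions compare numerically;
    # MINIMUM_SUPPORTED sorts below every concrete version.
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("TLS below 1.2 permitted")
    return findings


if __name__ == "__main__":
    for name, ctx in (("weak", weak_context()), ("hardened", hardened_context())):
        problems = audit_context(ctx)
        print(f"{name}: {'OK' if not problems else '; '.join(problems)}")
```

The hardened context is the one to pass to `ctx.wrap_socket(sock, server_hostname=...)` or to an HTTP client that accepts an `SSLContext`. The audit function is the useful part for a review: run it over the contexts your own code builds, and any finding it returns is a gap between “we use TLS” and “data in transit is protected”.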
Read the NCSC’s complete guidance on data in transit protection here. If you have any further questions about implementing data in transit protection within your business, please don’t hesitate to contact any member of the etiCloud team.
Next up: Asset protection and resilience
* API stands for Application Programming Interface. An API is a set of functions that allows applications to communicate with each other.
** TLS stands for Transport Layer Security. TLS is a cryptographic protocol that provides authentication, confidentiality and data integrity between two communicating applications; the NCSC recommends TLS version 1.2 or above.