Enterprise Cloud Security Best Practice Architecture
Enterprise organisations have existing high-bandwidth perimeter firewalls with high-speed internet uplinks, solid ingress and egress security policies with full application-level and deep packet analysis, and secure web gateways, and they follow ITIL policies. The last thing you should do is open up your business to public clouds that can create outbound/inbound internet links with the click of a button, exposing your internal company.
The best ways to mitigate the risk of public cloud data exposure:
- Effectively, route all traffic through an enterprise-grade firewall for administration of any and all SaaS and cloud environments.
- Block all public cloud internet access and any new network connections.
- Monitor any changes to these configurations.
- Minimise usage of high-level access accounts, allowing it only via strict change control and key management.
- Set up a DirectConnect into your internal corporate firewall and direct all internet traffic using your existing strict firewall policies and monitoring.
- Only allow access to the cloud via your corporate private IP subnet VPN.
- Enable IAM and MFA access based on corporate AD Connect to cloud access.
- Build a policy to eliminate shadow IT
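
One way to monitor for changes that break these rules, as an added example that is not part of the original article. It assumes AWS CloudTrail-style audit records (the article mentions DirectConnect); the corporate subnet, the helper names and the simplified sample events are all constructed.

```python
import ipaddress

# Assumption: corporate VPN subnet (constructed value, not from the article).
CORPORATE_NET = ipaddress.ip_network("10.20.0.0/16")
# EC2 API calls that give a VPC a new path to the internet or another network.
NEW_PATH_EVENTS = {"CreateInternetGateway", "AttachInternetGateway", "CreateNatGateway",
                   "CreateEgressOnlyInternetGateway", "CreateVpcPeeringConnection"}
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

def findings(event):
    """Return the policy violations found in one CloudTrail-style record."""
    out = []
    name = event.get("eventName", "")
    params = event.get("requestParameters") or {}
    if name in NEW_PATH_EVENTS:
        out.append("new-network-path")
    if (name == "CreateRoute" and params.get("destinationCidrBlock") in OPEN_CIDRS
            and str(params.get("gatewayId", "")).startswith("igw-")):
        out.append("default-route-to-internet-gateway")
    if name == "AuthorizeSecurityGroupIngress":
        for perm in params.get("ipPermissions", {}).get("items", []):
            for rng in perm.get("ipRanges", {}).get("items", []):
                if rng.get("cidrIp") in OPEN_CIDRS:
                    out.append("ingress-open-to-internet")
    try:  # calls made by AWS services carry a hostname here; those are skipped
        if ipaddress.ip_address(event.get("sourceIPAddress", "")) not in CORPORATE_NET:
            out.append("source-outside-corporate-subnet")
    except ValueError:
        pass
    attrs = event.get("userIdentity", {}).get("sessionContext", {}).get("attributes", {})
    if attrs.get("mfaAuthenticated") != "true":
        out.append("no-mfa")
    return out

def audit(events):  # maps eventID -> violations, omitting compliant events
    return {e["eventID"]: f for e in events if (f := findings(e))}

def _ev(eid, name, ip, mfa, params=None):  # builds a simplified, constructed record
    return {"eventID": eid, "eventName": name, "sourceIPAddress": ip,
            "requestParameters": params,
            "userIdentity": {"sessionContext": {"attributes": {"mfaAuthenticated": mfa}}}}

SAMPLE_EVENTS = [  # constructed sample data
    _ev("e1", "DescribeInstances", "10.20.4.7", "true"),
    _ev("e2", "AttachInternetGateway", "203.0.113.50", "false"),
    _ev("e3", "CreateRoute", "10.20.4.7", "true",
        {"destinationCidrBlock": "0.0.0.0/0", "gatewayId": "igw-0example"}),
    _ev("e4", "AuthorizeSecurityGroupIngress", "10.20.9.1", "true",
        {"ipPermissions": {"items": [{"ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}),
]
```

Calling `audit(SAMPLE_EVENTS)` returns only the three non-compliant events, each with the rule it broke, which is the output to route into existing change-control alerting.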