October 19, 2016
Cloud Security Tips
The nightmare of forever-lost, accidentally deleted files could potentially be over with the advent of cloud computing, but security breaches pose a new set of concerns for business professionals.
On the professional side, failure to protect customer data is a public relations nightmare that could also open businesses up to litigation. A 2013 data breach at Target exposed the information of 40 million customers according to CNN. VISA, several U.S. banks, and customers filed class action lawsuits against the retailer. Target paid $67 million to Visa, $39 million to the banks, and $10 million to customers — a total of $116 million in tangible losses due to one data breach.
Important personal data can also be the target of a malicious attack — such as what happened to Wired magazine writer Mat Honan. A hacker broke into his personal cloud storage accounts and deleted all pictures of his then-18-month-old daughter, according to InformationWeek.
It’s no wonder that corporate IT security teams are kept awake at night wondering how if an unscrupulous competitor is able to access their sensitive data, memos, ideas, etc.
Here are 6 simple tips to enhance your cloud security:
- Find out who runs your cloud.
It may seem obvious, but if you’re not using a well-known CSP (Cloud Service Provider) you absolutely need to do due diligence on the company. Find out where they are based, how long they have been in operation and who their customers are.
- Ask where your data is going to be stored.
Many CSP’s offer high availability and DR products, find out if your data is going to be replicated behind the scenes and, most importantly, where that data is stored. Different countries may have more aggressive legal provisions for authorities to access your corporate data; it is vital you know where your data is stored.
- Get proof of certification.
Many companies boast certifications like ISO, PCI, SOC and CSAE, they should have no problem producing a copy of the certifications for your inspection. This assures that you are getting the industry standard in quality, security and processes that will safeguard your data.
- Deploy IAM tools.
Identity Access Management (IAM) tools are a great way to organize and ensure only authorized users are accessing the appropriate data. As cloud adoption rises so will the need for Corporations to invest in identity governance solutions.
- Be mindful of Network Security.
It doesn’t make much sense to build a vault around your data and allow all internet traffic the opportunity to see what you’ve built. Use network security groups for public clouds like Microsoft Azure to reduce potential threats and VPN tunnels when possible.
- Formalize and Enforce an IT policy.
Your best defense is training your teams to be responsible. Your IT policy is the first line of defense against data breaches and will cover many areas that will harden your systems against internal and accidental threats.
Though no organization is completely immune to malicious insiders or external threats, companies must ensure they are not exposed to obvious security threats in the cloud. It is always advisable to choose a cloud partner who is aware of potential vulnerabilities and works proactively to address them. Ensuring a robust IT security system is in place will not only help safeguard your company’s financial future, but strengthen the trust-based relationship with your customers.