Securing Your Business Cloud
As you plan to leverage cloud-based IT resources, you must first extensively analyze and evaluate the risks associated with a technology as disruptive as cloud computing. In many cases, a business's inability to protect its data stored in the cloud is a direct outcome of needlessly complicating the cloud security thought process.
If you are worried about cloud security after adopting cloud computing in your business, first think of how you secured your data on your on-premises servers, as well as the security protocols you put in place to protect, control, and manage access to it. Now, think about replicating the same steps when securing data in the cloud.
Cloud Security Measures
1. Choose the Right Cloud Service Provider (CSP)
Cloud security requires a combined effort by you and your CSP. Your first security measure should therefore be choosing the right CSP and evaluating its preparedness to secure your business data and applications. Here, consider SOC 2 certification and compliance with NIST security protocols. If your company operates in the health industry, your CSP must also be HIPAA compliant.
2. Use an Encrypted Cloud Service
Some CSPs provide effective local encryption and decryption tools in addition to storage and backup services. The CSP's tool encrypts your files on your computer before they are stored, which means that no one can access your data without a passcode (‘zero-knowledge’ privacy).
3. Do Not Store Sensitive Information in the Cloud
Remember that any exploitation of the underpinning host hardware (Virtual Machines) and OS can lead to the compromise of every data asset and application hosted therein. Several CSPs have been hacked in the past, including Apple iCloud, Amazon Web Services, Microsoft Azure, and Dropbox. While these CSPs have put in place security measures to ensure cloud security and data privacy, there is still a chance that your data could be compromised. Therefore, avoid storing any sensitive data in the cloud.
4. Use File-Level Encryption
Comprehensive file-level encryption should form the backbone of your cloud security efforts. Even if your cloud service provider encrypts all data received before storage, do not rely on them completely. Always encrypt your files with your own comprehensive encryption solution before uploading the data to the cloud.
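One way to encrypt a file yourself before it leaves your machine, shown as an added example rather than code from the original article. It assumes Python with the third-party `cryptography` package; the function names, the `FLE1` container layout and the scrypt parameters are illustrative choices.

```python
import hashlib
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

MAGIC = b"FLE1"  # hypothetical container tag used only by this example


def _key(passphrase: str, salt: bytes) -> bytes:
    # scrypt makes every passphrase guess expensive; parameters are illustrative.
    return hashlib.scrypt(passphrase.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)


def encrypt_for_upload(plaintext: bytes, passphrase: str, name: str) -> bytes:
    """Return MAGIC | salt(16) | nonce(12) | AES-256-GCM ciphertext and tag."""
    salt, nonce = os.urandom(16), os.urandom(12)
    # The object name is authenticated (not encrypted), so one stored blob
    # cannot be silently swapped for another file's blob on the provider side.
    sealed = AESGCM(_key(passphrase, salt)).encrypt(nonce, plaintext, name.encode())
    return MAGIC + salt + nonce + sealed


def decrypt_after_download(blob: bytes, passphrase: str, name: str) -> bytes:
    """Raise ValueError on a wrong passphrase, a wrong name, or a modified blob."""
    if len(blob) < 48 or blob[:4] != MAGIC:
        raise ValueError("not an encrypted container")
    salt, nonce, sealed = blob[4:20], blob[20:32], blob[32:]
    try:
        return AESGCM(_key(passphrase, salt)).decrypt(nonce, sealed, name.encode())
    except InvalidTag:
        raise ValueError("authentication failed") from None


if __name__ == "__main__":
    # Constructed sample data; only `blob` would ever be sent to the provider.
    blob = encrypt_for_upload(b"constructed payroll rows", "long passphrase", "payroll.csv")
    print(len(blob), "bytes to upload")
    print(decrypt_after_download(blob, "long passphrase", "payroll.csv"))
```

The passphrase and derived key never leave the client, so the provider stores only ciphertext it cannot read or undetectably alter.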
5. Secure End-User Devices
Use advanced endpoint security protocols to secure all end-user devices that have access to your business's cloud-based resources. If you have subscribed to a software-as-a-service (SaaS), platform-as-a-service (PaaS), or infrastructure-as-a-service (IaaS) model, you need to protect your network perimeter using sophisticated firewall solutions.
6. Create Strong Passwords
Today, many passwords can be cracked in seconds. This is because many people use passwords that are easy to create and remember to protect their accounts. Additionally, using your email password for multiple other services such as Facebook or cloud storage leaves your accounts vulnerable, since all login information as well as forgotten-password messages arrive in your email.
Use random words, numbers, and symbols to create your password. You should also mix uppercase and lowercase characters to make it strong. However, you need to remember all your passwords without having to write them down somewhere.
7. Use Multi-Factor Authentication Protocols
Apart from requiring a passcode and username to log into your account, some software solutions provide multi-factor authentication. It places an additional security layer on your login that requires you to provide a third factor to authenticate your identity. This factor could be your voice, fingerprint, or a unique code that is generated by a separate device, application, or service. Multi-factor authentication reduces the risk of illegitimate access to your account if your password and username are compromised.
8. Use Anti-Malware
Malware can get onto your desktop, laptop, smartphone, or tablet and do one or more malicious things, like stealing your data or giving a third party unauthorized access. Malware can infect a computer in several ways, including when you visit an insecure website or click on an email attachment.
Once it’s on your computer, malware can log your user ID, credit card information, or password and send it to a hacker. It might also quietly take over your machine and use it to attack other computers in the network. Use anti-malware software from a reputable source to enhance your cloud security.
The Bottom Line
Cloud security is the responsibility of both the client and the CSP. Cloud data storage using the right CSP can be more secure than in-house data storage. Always hire a CSP that is compliant with SOC 2, HIPAA, and NIST security protocols for ensuring data privacy. However, since nothing is ever 100 percent secure, you need to take measures and precautions to protect your data by using strong passwords, multiple authentication protocols, and encryption services, securing your end-user points, and adhering to the COSO framework.
Ken Lynch is an enterprise software startup veteran who has always been fascinated by what drives workers to work and how to make work more engaging. Ken founded Reciprocity to pursue just that. He has propelled Reciprocity's success with this mission-based goal of engaging employees with the governance, risk, and compliance goals of their company in order to create more socially minded corporate citizens. Ken earned his BS in Computer Science and Electrical Engineering from MIT.