The use of cloud computing services makes a lot of sense for many businesses. By storing data on remote servers, businesses can access data whenever and wherever it’s needed, and cloud computing reduces the cost of the infrastructure required to manage their networks.
While cloud computing offers a number of benefits, it also has some drawbacks, most notably in the realm of security. Whenever data is transmitted between endpoints it’s vulnerable to loss or theft, and in an era when employees have 24-hour access to servers that are “always on,” security is of the utmost importance.
If you have already made the move to the cloud, or if you’re considering it, there are some steps to take to ensure that your data stays safe and secure.
Step 1: Choose the Right Vendor
The growth in cloud computing means an increase in cloud services providers. Before you choose a vendor to store your valuable data, find out how the vendor will keep your data safe. But don’t rely on sales presentations and literature from the vendor explaining their security policies and procedures. Perform your own background checks on the vendor, check references, and ask questions about where and how your data will be stored, as physical security is just as important as network security. Be sure that the vendor can provide proof of compliance with any governmental regulations regarding your data, and employs adequate encryption protocols.
Step 2: Encrypt Data at All Stages
Speaking of encryption, ensuring data security requires encrypting data at all stages — in transit and while in storage. When data is encrypted, if there is a security breach the data will be all but useless unless the criminals hold the encryption key. However, according to a recent survey, few companies actually encrypt the data at all stages, instead only encrypting during transit or while in storage, creating serious vulnerabilities.
Step 3: Manage Security In-House
Data breaches in cloud computing often occur because the right hand doesn’t know what the left is doing; in other words, no one really knows who is responsible for the security of the data in the cloud. One survey indicated that nearly half of all businesses believe that security is the vendor’s responsibility, while an additional 30 percent believe that the customer is responsible for securing its own data. The answer lies somewhere in the middle. While the cloud provider certainly has a responsibility for securing data stored on its servers, organizations using the cloud must take steps to manage their own security. This means, at minimum, encrypting data at endpoints, employing mobile device management and security strategies, restricting access to the cloud to only those who need it and employing strict security protocols that include two-factor authentication.
Step 4: Provide User Training
One of the biggest mistakes that companies switching to cloud computing make is assuming that users know how to use the cloud and understand all of the security risks and protocols. For example, it’s not uncommon for employees using their own devices for work to log on to the cloud from the closest hotspot — which might not be the most ideal situation security-wise. Employees need to be trained and educated on how to properly maintain the security of their devices and the network to avoid security breaches.
Step 5: Keep Up With Advances in Security
One of the most common causes of devastating security breaches is a vulnerability created by failing to install security updates or patches to software. Malware is often designed to exploit vulnerabilities in common plug-ins or programs, and failing to keep up with updates can lead to disaster. All endpoints must be continuously updated to keep data secure. In addition, as the security industry changes protocols, best practices change as well. Understanding changes in best practices, technology and protocols and making changes accordingly will help prevent a costly disaster.
There are many factors that go into developing a robust security plan for data stored in the cloud, but at the very least, these five points must be taken into consideration. Without addressing these issues, even the best security technology and plan will leave your data susceptible to attack.
About the Author: Christopher Budd is a seasoned veteran in the areas of online security, privacy and communications. Combining a full career in technical engineering with PR and marketing, Christopher has worked to bridge the gap between “geekspeak” and plain English, to make awful news just bad and help people realistically understand threats so they can protect themselves online. Christopher is a 10-year veteran of Microsoft’s Security Response Center, has worked as an independent consultant and now works for Trend Micro.