It’s a safe bet: More than one IT professional has likely woken up in a cold sweat, convinced that an upcoming cloud move will open their organisation to significant security risk. No surprise, then, that the cloud security market is on track to reach almost $12 billion in the next six years as businesses look for ways to leverage the agility and flexibility offered by cloud computing while minimising risk. Here, John Schumaker, Cloud Services Manager at Gordon Flesch Company, proposes five quick tips to improve cloud security, and your sleeping habits:
[easy-tweet tweet=”Here are five quick tips to improve #cloudsecurity” user=”comparethecloud” hashtags=”cloud, infosec”]
For many IT professionals, the benefits of cloud computing are balanced by the worry of lost or stolen data. However, there’s a simple way to solve this problem if you’re just starting a move to the cloud: Keep confidential information close to home. Think of it like a trial run; use the cloud for often-accessed files and documents that aren’t confidential or required for regulatory compliance. You get the benefit of cloud service without the spectre of serious data loss.
Over time, you’ll want to move critical line-of-business (LoB) data onto secure cloud servers. Though what happens if another client on the same public server is hacked, or your vendor is somehow compromised? By encrypting data in-house or by using a third-party service, however, you significantly reduce the value of this information to an attacker.
For many IT professionals, the benefits of cloud computing are balanced by the worry of lost or stolen data
Best bet? Look for a vendor that offers “zero knowledge.” In this scenario, not even your cloud provider has any knowledge of your encryption method; local admins hold the key. Even if your provider had its database hacked or a government agency demanded access, your files stay safe: Only you can unlock their contents.
Outsource with care
There comes a time when most businesses use enough services and store enough data in the cloud that security-as-a-service (SECaaS) starts to make sense. The key? Outsource with care. Look for a vendor that offers customisable security solutions and total transparency: You need to know exactly how your data is protected, how new threats are detected, and how the company will respond in the event of an attack.
Pay attention to personnel
While outside actors can pose a serious threat to cloud security, IT admins also need to manage internal threats. In many cases, employees and executives don’t mean to compromise security but do so out of ignorance or in an effort to quickly complete their current task. To manage insider actions you need a reliable cloud monitoring tool that permits greater scrutiny of those with greater access: What are they accessing, when and why? It’s also critical to offer security training in proportion to access — those with permission to move or alter valuable data need more training and clear expectations for use.
In many cases, employees and executives don’t mean to compromise security but do so out of ignorance or in an effort to quickly complete their current task
Drill down to devices
The last tip for better cloud security? Target devices on your network. With most users now accessing the cloud through their smartphone or tablet, it’s not enough to secure desktops: Mobile devices with corporate network access must include application management tools to separate personal and professional data, in addition to patch management solutions that ensure app security is always up to date.
[easy-tweet tweet=”To manage insider actions you need a reliable #cloud monitoring tool that permits greater scrutiny” hashtags=”Security”]
Moving to the cloud is a daunting prospect for many IT pros. De-stress by prioritising data placement, always encrypting information, outsourcing where applicable, and managing both employees and their devices.