Fighting your IT fears: Five tips for better cloud security

It’s a safe bet: More than one IT professional has likely woken up in a cold sweat, convinced that an upcoming cloud move will open their organisation to significant security risk. No surprise, then, that the cloud security market is on track to reach almost $12 billion in the next six years as businesses look for ways to leverage the agility and flexibility offered by cloud computing while minimising risk. Here, John Schumaker, Cloud Services Manager at Gordon Flesch Company, proposes five quick tips to improve cloud security, and your sleeping habits:

[easy-tweet tweet=”Here are five quick tips to improve #cloudsecurity” user=”comparethecloud” hashtags=”cloud, infosec”]

Prioritise placement

For many IT professionals, the benefits of cloud computing are balanced by the worry of lost or stolen data. However, there’s a simple way to solve this problem if you’re just starting a move to the cloud: Keep confidential information close to home. Think of it like a trial run; use the cloud for often-accessed files and documents that aren’t confidential or required for regulatory compliance. You get the benefit of cloud service without the spectre of serious data loss.

Always encrypt

Over time, you’ll want to move critical line-of-business (LoB) data onto secure cloud servers. Though what happens if another client on the same public server is hacked, or your vendor is somehow compromised? By encrypting data in-house or by using a third-party service, however, you significantly reduce the value of this information to an attacker.

For many IT professionals, the benefits of cloud computing are balanced by the worry of lost or stolen data

Best bet? Look for a vendor that offers “zero knowledge.” In this scenario, not even your cloud provider has any knowledge of your encryption method; local admins hold the key. Even if your provider had its database hacked or a government agency demanded access, your files stay safe: Only you can unlock their contents.

Outsource with care

There comes a time when most businesses use enough services and store enough data in the cloud that security-as-a-service (SECaaS) starts to make sense. The key? Outsource with care. Look for a vendor that offers customisable security solutions and total transparency: You need to know exactly how your data is protected, how new threats are detected, and how the company will respond in the event of an attack.

Pay attention to personnel

While outside actors can pose a serious threat to cloud security, IT admins also need to manage internal threats. In many cases, employees and executives don’t mean to compromise security but do so out of ignorance or in an effort to quickly complete their current task. To manage insider actions you need a reliable cloud monitoring tool that permits greater scrutiny of those with greater access: What are they accessing, when and why? It’s also critical to offer security training in proportion to access — those with permission to move or alter valuable data need more training and clear expectations for use.

In many cases, employees and executives don’t mean to compromise security but do so out of ignorance or in an effort to quickly complete their current task

Drill down to devices

The last tip for better cloud security? Target devices on your network. With most users now accessing the cloud through their smartphone or tablet, it’s not enough to secure desktops: Mobile devices with corporate network access must include application management tools to separate personal and professional data, in addition to patch management solutions that ensure app security is always up to date.

[easy-tweet tweet=”To manage insider actions you need a reliable #cloud monitoring tool that permits greater scrutiny” hashtags=”Security”]

Moving to the cloud is a daunting prospect for many IT pros. De-stress by prioritising data placement, always encrypting information, outsourcing where applicable, and managing both employees and their devices.

+ posts

Newsletter

Related articles

Clarifying UK cloud adoption patterns

There is no doubting the shift towards cloud adoption. What is far more unclear is the exact path this is taking, and what ‘cloud adoption’ really means in terms of the IT choices made by UK companies.

SMEs: The Move from Legacy to the Cloud

Digital transformation is clearly a mainstream strategy, and the cloud has certainly shown its value in recent times more than ever before.

Don’t lose sight of SAP on Cloud operational excellence

Digital transformation projects can often become complex with twists and turns, which can lead organisations to focus solely on the migration itself.

Need to reduce software TCO? Focus on people

Investing in software is undoubtedly important for enterprises to stay ahead. However, the process is rarely a simple task for CIOs and IT leaders.

The future of cloud and edge optimisation

As more enterprises use multi-cloud and hybrid infrastructures, the danger of cost overruns and loss of control increases.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Subscribe to our Newsletter