Easy steps to getting to grips with cloud app security for businesses of any size.
One of the key reasons why businesses were initially put off by cloud services was concern over security. And whilst many damning headlines have trumpeted the dangers from hackers and data leaks over the past decade, the truth is more nuanced.
As businesses looked into the technology more deeply, they realised that a cloud solution was actually a way to improve their security. This is what cloud providers have banked on when developing a reliable, trusted business model after all. Now millions are moving their business to the cloud, with the latest figures from the Cloud Industry Forum showing that cloud adoption rates in the UK are at 84 per cent and still growing.
So if you are new to cloud, or not au fait with the IT jargon inherent in the deeper discussions of business software, read on to fast track your way to business cloud ninja-hood.
[easy-tweet tweet=”Read on to fast track your way to business cloud ninja-hood” hashtags=”cloud, ninja, security”]
“Bujinkan” (divine warrior training hall) – Dual-factor Authentication
One of the many criticisms of consumer cloud solutions is that they rely on a single password and username to control access. We use these services every day – think Facebook and Yahoo! But with enterprise apps you need to look for dual-factor authentication, because business data is often much more valuable than your individual data. That’s why criminals are desperate to get it.
Some cloud solutions build this in. With Microsoft’s Office 365, for example, you get an additional layer of security, with the ability to add dual-factor authentication to the login process. To access your data on any service with dual-factor authentication, you need the standard password and username, and must also provide additional proof that you are who you say you are. On a mobile device this can be using the fingerprint reader, or on a desktop, it can be a text message with an ID that you then input into Office 365. Some banking software does this too, making your data much more secure. Consider this a grounding before learning the really impressive ninja skills.
“Buyu” (warrior friends) – Regular Data Backup
What use is data that isn’t also secure from loss? Once it’s in the cloud, the point is that you want it back sometimes. Some services offer a ‘free’ backup and recovery service as part of the whole solution. With Office 365 as an example, you not only get the scalable collaborative tool to meet your business case, your data is also continuously backed up and saved in multiple locations around the Microsoft network. If you do accidentally delete a file, it can be restored quickly and easily with just a few clicks.
[easy-tweet tweet=”What use is data that isn’t also secure from loss?” hashtags=”cloud, security”]
Any cloud service should offer this backup facility. Depending on the solution, you might also want a full versioning and auditing system, enabling you to see who made what changes, to which files, and when. These systems makes it easy to go back to a certain point in a file’s life to correct an error. Should something be overwritten or deleted in that file, you can easily spot where mistakes were made. Ninja skills indeed.
By extension, your backup should be able to work as a disaster recovery solution. Should your business be affected by floods, fire or any other natural disaster, you can still carry on working with your files on Office 365, no matter where you are in the world, or which device you choose. Your data is held securely within the Microsoft Office 365 data centre. This is automatically copied to other data centres within your geographical area. So even if the Microsoft data centre is affected, there’s another copy in a secondary location that can be relied on.
Dan (black belt grade) – Always up-to-date
One of the key areas where businesses expose themselves to security problems is in not keeping up to date with the latest versions of the device operating system or the application they are using. It’s easy to understand why, when the day-to-day business of doing business is so onerous. However, hackers have become increasingly more sophisticated and deliberately target businesses that are using out of date or unpatched applications. They exploit known problems in the systems to gain access to your data and other parts of the network.
With smart cloud solutions like Office 365 you no longer need to worry about which version of the software you’re running, as it automatically uses the most up-to-date software. Because the data remains within Microsoft’s Office 365 network, you’re protected from other exploits and problems on your viewing device.
Ninjutsu (the martial art of the ninja) – Privacy Settings at all Levels
On a typical office file sharing system, you are usually allowed to access files in a given section, or project, or on a particular server. Once you start to allow external users into projects, which is becoming the norm in most businesses, security becomes more difficult to manage.
If you give your external users access to a particular server, it’s difficult to prevent them downloading anything they find on that server. Likewise on a project, they may be able to view files that should only be for the management or director level users to see.
Chose a solution with variable settings from the get-go. You will want to get privacy and security settings that can go down to a file level. You can then decide exactly who can see a particular file or project, and those users only have that view and nothing else.
Additionally, you should see about the ability to make files viewable by particular grades within a business, or restrict all non-internal users from accessing files or projects. Most importantly you should be able to remove viewing rights quickly and easily at the end of a project.
Soke (grandmaster) – Putting it all Together
A ninja-like awareness of the cloud environment doesn’t have to be like walking a tightrope or balancing a dagger on your nose. It comes down to remaining aware, staying alert to the possible threats and weaknesses of your processes and services, and staying strong with the right security for your needs. In the world of martial arts this is known as ‘zanshin’ – a state of awareness that a ninja displays.