Secure in the Cloud—Steps You Can Take to Protect Your Data
Cloud computing offers a number of benefits: flexibility, scalability, collaboration, automation, among others. These advantages are particularly felt in small-to-medium-sized businesses that may not otherwise be able to afford technology solutions to make them competitive with larger corporations.
Despite this, some business owners hesitate to make the jump to the cloud. Cloud computing, by its nature, means that businesses must give up some control of their data, and because of that, security is often cited as the number one inhibitor to migration.
So, how can you enjoy the benefits of the cloud while minimizing the potential security risks? Working with your cloud provider is essential. While there are certainly steps that you need to take to protect your data, you should also know how your provider handles security. That being said, here are some best data security practices that you can implement to keep your data safe:
Data encryption is essential when using cloud storage. Encryption can ensure that even if someone were to gain access to your data without your authorization, they could not read or use it.
In cloud environments, it is sometimes a practice to store encryption keys on the same server as the encrypted files to make access easier. If at all possible, you should avoid this, since anyone who has access to the files also has access to the encryption key. Always store the encryption keys separately from the data they’re meant to decrypt, preferably on your own servers. In fact, even if your cloud provider offers encryption as a service, you should retain control of the keys in case the datacenter is hacked or the company is subpoenaed.
You likely already have at least some user/role-based restrictions on who can access what data. Cloud storage should be no different. Assign different users different data-access levels based on the information they need. In addition, you may consider process-based limits where users can access data only within certain contexts or functions.
You may also wish to set up location-based restrictions. An employee connecting via the company’s Wi-Fi, for example, may have full access to your financial data, but that same employee may need to provide additional authentication information before retrieving the data on her tablet at the airport.
Along with this, you will also want to know exactly who, if anyone, at your cloud provider can access your data, what their roles are, and what they can do with the data. As shown in papers written by O. Nimeskern and others, systems must monitor data access on a constant basis to avoid the risk of getting compromised.
You will also want to set up clear guidelines for device management. The cloud can be a huge time-saver for companies with multiple offices or for companies whose employees often telecommute. If this is the case for you, you will want to think carefully about how and what data users can access from their own devices. You may want to limit your most sensitive data to company-owned devices only. Another idea is to provide read, but not write, access.
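The role-based, location-based and device-based restrictions described above can be combined into a single access decision. The following is an added example, not code from the original article; the roles, dataset names, network range and the choice to apply both device rules together are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample policy: roles, datasets and the network range are assumptions.
CORPORATE_NETS = [ipaddress.ip_network("10.20.0.0/16")]
ROLE_DATASETS = {"finance": {"financial", "general"}, "staff": {"general"}}
SENSITIVE = {"financial"}

@dataclass
class Request:
    role: str
    dataset: str
    action: str            # "read" or "write"
    source_ip: str
    company_device: bool
    mfa_done: bool = False

def on_corporate_network(ip: str) -> bool:
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False       # an unparseable address is never treated as trusted
    return any(addr in net for net in CORPORATE_NETS)

def decide(req: Request) -> str:
    """Return 'allow', 'step_up' (ask for another factor) or 'deny'."""
    if req.action not in ("read", "write"):
        return "deny"
    # Role-based: unknown roles and unlisted datasets are denied by default.
    if req.dataset not in ROLE_DATASETS.get(req.role, set()):
        return "deny"
    # Device-based: the most sensitive data stays on company-owned devices.
    if req.dataset in SENSITIVE and not req.company_device:
        return "deny"
    # Device-based: employee-owned devices get read access, not write.
    if not req.company_device and req.action == "write":
        return "deny"
    # Location-based: off the corporate network, require additional authentication.
    if not on_corporate_network(req.source_ip) and not req.mfa_done:
        return "step_up"
    return "allow"
```

Checks are ordered so that every rule that can deny runs before the step-up prompt, which means a user is never asked for a second factor on a request that would be refused anyway.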
The key here is to set up enterprise mobility management solutions that work for your company and manage employee-owned devices. These processes can involve frequent synchronization; the ability to track down, lock, and wipe the devices; multi-factor authentication; the ability to differentiate between company and personal data; and more.
Regular monitoring and maintenance are important to ensuring cloud security. Carefully watch who is accessing what data and check for potential security risks or attacks. Adding in a layer of advanced analytics can help to provide real-time visibility to the cloud infrastructure.
Are you in the cloud? What are you doing to maintain security? Let us know in the comments below.