Cloud Security

When discussing the many benefits of cloud computing, we meet the most resistance due to one factor above all others…

Security.

And the recent breaches at Yahoo and Dropbox are only fueling those concerns.

It’s funny, but people seem to take greater care protecting their personal information than their business information:

  • they make concerted efforts to shop websites that encrypt personal data;
  • they don’t have one key that opens their car, their safe and their home that they willingly hand out;
  • they pay for protection services like Lifelock and fraud monitoring that provide a monthly audit of their financial accounts;
  • they wouldn’t leave their teenagers unattended with unlimited access to their wallet.

When it comes to business operations, the same precautions are not always taken.  Many business owners do not encrypt information they store on-line, they freely pass around API keys, they do not do internal monitoring, nor do they control employee access to sensitive business data and documents.

In March of 2012, Symantec sponsored the 2011 Cost of Data Breach Study and found that the majority of data breaches are inside jobs – due to either employee negligence or malicious acts of disgruntled employees, past or present.

Paying attention to the following 4 points will lessen not only the likelihood of a data breach, but also the impact of a breach on your company:

  1. Encrypt Sensitive Data – Anything that gets stored online – employee’s social security numbers, user names/passwords, intellectual property, tax returns, etc. – should be encrypted or redacted before being stored in the cloud.  If the storage site is hacked, your files will provide no useful information.
  2. Protect API keys – API (Application Programming Interface) keys are the keys to your website kingdom.  They dictate how website applications interface with the cloud service providers that allow your business to distribute content, data, and services through your website.  These should not be emailed or stored on file servers that anyone can access.  Anyone that has access to these keys gains access to your website.
  3. Audit Cloud Usage – Your cloud service provider will provide you with a record of how the service is being used.  Pay attention to this information.  You can see who is logging on, how often, and what information they are accessing.
  4. Control Access to Data – Only allow your employees access to the information they need to do their jobs.  Your sales team does not need access to accounting information.  Your accountant doesn’t need access to intellectual property.  Also, do not allow your employees to access sensitive data while off-site or with their personal computers.

Adhering to these simple precautions will greatly increase your security.  Don’t let the prospect of a data breach prevent you from enjoying the cost savings benefits you receive when you do business in the cloud.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s