According to an estimate by Research & Markets, the global cloud computing market will grow from USD 2.8 billion in 2019 to USD 9.0 billion by 2024. It’s not hard to see why; cloud computing-public and private-offers the advantage of a lower cost of ownership of IT applications, super-fast time to market, and unmatched surges in employee productivity. But with this explosive growth, cloud computing brings extra risk to your organization; a security breach of your data can cause the loss of ultra-sensitive information and intellectual property, compliance violations, credential breaches and hijacking of accounts. Making sure the right security measures are in place, and utilizing common-sense best practices are key to protecting your data in the cloud. Here are a few of our suggestions:
- Understand the Risks, and Ask your Cloud Provider the RIGHT questions. It’s critical to consider the areas of risk and vulnerability your company may be exposed to, so you can select a cloud partner who can address your unique security issues. Before making a significant investment in a cloud computing strategy and platform your organization should conduct a thorough risk analysis. Be sure to include risk management professionals in your cloud design and deployment project, and make sure that you seek counsel from the legal and compliance teams.
- Once you and your company have decided to move to a cloud service platform your first step is to choose a provider that fits your needs. Some points to take into consideration on your search are:
- Are their security standards appropriate? Do some research. Make sure that the company has a good reputation and solid security policies. Remember, you are trusting this company to store your sensitive business and personal information.
- How much data will you be storing? Search with a realistic expectation of the size you need to store all your files. Many companies charge by the amount of storage you are requesting.
- Is your data encrypted when being uploaded to or downloaded from the cloud? Make sure that your browser or app requires an encrypted connection before you upload or download your data. Look for the “https://” or the padlock beside the URL in your browser.
- Is your data encrypted when stored in the cloud? You will have to read the terms of service to find this out, but often your data will be stored on the cloud server with no encryption, this means that anyone that has (or can get) high level access to that server will be able to read your files. This may not be an issue for many files, but you should carefully consider what kind of information you are storing in the cloud and whether you are comfortable with some other person you don’t know accessing it. At a minimum, no data that is protected by law (medical information, personal identifiers, financial data) should be stored in the cloud unless the storage solution is encrypted and you know who can decrypt it (it should only be you or your organization) and for what reason.
- Understand how access is shared with your cloud folder. Several cloud storage providers allow you to share access to your online folders with other people. Be sure you know in details how this works.
- Understand your options if the cloud provider should be hacked or should lose your data. Services like this require that you sign their terms and conditions before they allow you to use the service. In the vast majority of cases, these conditions state that you have very little, if any, remedy if anything bad should happen. Be aware of what you are signing away.
- Remember: ultimately YOU are responsible for your data. See above. The first, most important thing you must understand about data security in the cloud: you can outsource the processing and storage of your data, but you can’t outsource responsibility for securing it. Security takes a commitment from everyone in your organization not just the IT staff or security personnel. In fact, according to insurer Beazley’s Breach Insights report, as of July 2018 fully 30 percent of all security breaches were caused by employee error or fraud. Ever-changing malware and social engineering attacks are a constant threat, so educating employees to identify red flags found in fraudulent email sources and implementing strong, consistent password policies are critical in mitigating internal data security breaches.
- Establish Strong Data Authentication and Access Policies. Now that you have addressed the general employee level of exposure what steps can you do to secure your data in the cloud? The idea here is to contain, mitigate and report any form of intrusion. Limiting users to access only the necessary applications and data essential to their job function in essence limits the reach of a rogue employee; Role Based Access is a key step in securing your data and environment.
- Always Backup your Data. One of the most overlooked aspects of cloud computing and one of the easiest way to increase the control of your data is to make sure that whatever happens, you have a secure backup of that data. This is more about securing your business than your actual data but provides the same type of peace of mind.
- Be Proactive. Regularly test your data security with regularly scheduled penetration testing, vulnerability scanning and employee assessments. Make sure you have a well-defined process in place for regular patches and updates.
Achieving sufficient security assurances in the cloud is possible but it is not guaranteed. Just like any other IT project, you have to do your homework and in the case of security, it is better to be safe than sorry!