Secure your cloud now: 19 tips you need to know
With the cloud now moving past the early adopter stage and fast becoming the market norm, attention is no longer focussed on whether or not businesses should implement cloud, but on how they should implement it. This means looking into the different ways you can implement the cloud – weighing up the different factors such as cost and benefits. However, nothing is more important than looking into how secure your cloud implementation will be. Security in the cloud is a hot topic right now. Google searches for cloud security are at their peak, showing that businesses are now taking cloud security more seriously than before.
In this guide, we’ll give you the insight and information your business needs to use the cloud securely.
1: Keep backups off the network
First and foremost, this should really go without saying. Unfortunately, convenience and deadlines trump security. An IT manager under pressure or a ‘tech savvy’ staff member will make life easier by keeping the backups in the cloud or on the network. Should the worst occur and an infection gets on to a local PC, then into the cloud, then into the backup – what will you do? All of your files will be infected and you might lose those files permanently.
By keeping the backups off the network, you guarantee that you’ll always have a clean backup to restore to. Just make sure that backup is a recent one. You should be backing up on a daily basis at the least.
2: Take a proactive approach, not just reactive
When dealing with cyber threats, taking a reactive approach means you’re essentially allowing threats in and hoping that you can contain or remove them. This puts you at risk of compromising your data. With a proactive approach, however, you’re keeping threats out in the first place.
In The Register’s cloud survey, 60% of respondents stated that they were using VPN connections; however, only 34% were using a firewall or encrypting data at rest. These figures do not paint a great picture of business security practices, and companies need to be doing more to proactively protect their data.
3: Disaster recovery is imperative
Carrying on the theme of proactively protecting data, businesses should also be proactively putting plans in place should the worst happen. Rather than frantically reacting to an attack and potentially causing more damage, businesses should have clear plans in place that notify the correct members of staff and, if needed, the authorities, and that specify which systems should be brought back online and how long each system should take to be fully restored. Those are just a few of the things a proper DR plan should include.
Unfortunately, according to the Cloud Usage: Risks and Opportunities Report, 25.5% of respondents didn’t have any security policies or procedures in place in relation to cloud security. On top of this, another 6.4% didn’t know whether or not they had policies in place. Businesses need to take greater measures to ensure visibility and accountability in relation to cloud security.
4: Get your vendor to work with you, not for you
You should work with your cloud vendor, not see them as another line item. By bringing them into the fold, you’re surrounding yourself with experts who know the cloud inside and out. They can then help your business to establish the best security practices, help train your staff to avoid dangerous threats and even help you to better control your data.
5: Use high-grade encryption
Encryption scrambles the data within a folder or document, making it unreadable. Then, when it needs to be accessed again, it reassembles the file into its normal state. Encryption uses a key to scramble content, and that content can only be decrypted with a specific key. There are two methods of encryption. With symmetrical encryption, the same key is used to encrypt and decrypt the content. Think of this like a lock in a door, with a physical key. With asymmetrical encryption, however, a public key is used to encrypt content and a private key is used to decrypt it. Think of this like a keypad on a door. Anyone can lock the door behind them, but only those with the right passcode can unlock the door.
“Encryption works best if it is ubiquitous and automatic. It should be enabled for everything by default, not a feature you only turn on when you’re doing something you consider worth protecting.” – Bruce Schneier, Cryptographer, Privacy and Security Specialist.
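The two methods described above are usually combined in practice. The sketch below is an added example, not code from the original guide: it encrypts a file with a one-off symmetric key (AES-256-GCM) and then locks that key with the recipient's public key (RSA-OAEP), which goes a step beyond the text by showing both methods working together. The sample file contents and the throwaway key pair are constructed for the demonstration.

```javascript
const crypto = require("node:crypto");

// Symmetric: the same 256-bit key encrypts and decrypts (AES-256-GCM).
function encryptSymmetric(key, plaintext) {
  const iv = crypto.randomBytes(12); // fresh nonce per message, never reused with a key
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ciphertext, tag: cipher.getAuthTag() };
}

function decryptSymmetric(key, { iv, ciphertext, tag }) {
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, iv);
  decipher.setAuthTag(tag); // final() throws if ciphertext or tag was altered
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]);
}

// Asymmetric: anyone holding the public key can lock; only the private key unlocks.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

function sealForRecipient(publicKey, plaintext) {
  const dataKey = crypto.randomBytes(32); // one-off symmetric key for this file
  const sealed = encryptSymmetric(dataKey, plaintext);
  const wrappedKey = crypto.publicEncrypt({ key: publicKey, ...OAEP }, dataKey);
  return { ...sealed, wrappedKey };
}

function openAsRecipient(privateKey, envelope) {
  const dataKey = crypto.privateDecrypt({ key: privateKey, ...OAEP }, envelope.wrappedKey);
  return decryptSymmetric(dataKey, envelope);
}

// Constructed sample data and a throwaway key pair for the demonstration.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const envelope = sealForRecipient(publicKey, Buffer.from("payroll-2024.csv contents"));
  const recovered = openAsRecipient(privateKey, envelope).toString();
  // Flip one bit of the stored ciphertext: decryption must fail, not return garbage.
  const tampered = { ...envelope, ciphertext: Buffer.from(envelope.ciphertext) };
  tampered.ciphertext[0] ^= 1;
  let tamperDetected = false;
  try { openAsRecipient(privateKey, tampered); } catch { tamperDetected = true; }
  return { recovered, tamperDetected, wrappedKeyBytes: envelope.wrappedKey.length };
}

console.log(demo());
```

Only the wrapped key, nonce, tag and ciphertext need to be stored in the cloud; the private key stays with the recipient.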
6: Threats come from all sides, even yours
People often perceive hackers working from the outside in as their biggest security threat. However, employees working from within pose an equal amount of risk. Whether they were intentionally sabotaging the business or just carelessly endangering it, employees were the cause of almost 60% of security incidents within that year, according to Experian’s Data Breach Industry Forecast from 2015. Over the next few years, this will become an even bigger threat, with employees working remotely and using personal devices to access sensitive data outside of the company’s network. Hosted Desktop is one answer to this problem and will only see greater adoption as more and more businesses move to the cloud.
7: Activity Tracking is the key
With cloud access reaching ubiquity, more and more people can access the cloud. Team members, clients and freelancers can access and edit files from anywhere in the world. Therefore, you need to implement restricted access and activity tracking, both to say who can access specific files and to see when they access them. By logging file access, you can then see when a file was accessed and any changes that were made.
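A small sketch of restricted access and activity tracking working together, added here as an example and not taken from the original guide or any particular cloud product. The `TrackedStore` class, the users and the file name are all hypothetical; every attempt is logged with a timestamp, denied attempts included, and writes record a content hash before and after so changes are visible.

```javascript
const crypto = require("node:crypto");
const digest = (text) => crypto.createHash("sha256").update(text).digest("hex");

class TrackedStore {
  constructor(acl, clock = () => new Date().toISOString()) {
    this.acl = acl;          // { path: { user: ["read", "write"] } }
    this.files = new Map();
    this.log = [];           // activity trail, appended to on every attempt
    this.clock = clock;
  }
  // Default deny: a user or file missing from the ACL gets no access.
  isAllowed(user, action, path) {
    return (this.acl[path]?.[user] ?? []).includes(action);
  }
  // Log the attempt first, so denied requests leave a trace too.
  record(user, action, path, details = {}) {
    const allowed = this.isAllowed(user, action, path);
    this.log.push({ at: this.clock(), user, action, path, allowed, ...(allowed ? details : {}) });
    if (!allowed) throw new Error(`${user} may not ${action} ${path}`);
  }
  read(user, path) {
    this.record(user, "read", path);
    return this.files.get(path);
  }
  write(user, path, content) {
    const before = this.files.has(path) ? digest(this.files.get(path)) : null;
    this.record(user, "write", path, { before, after: digest(content) });
    this.files.set(path, content);
  }
  history(path) { return this.log.filter((entry) => entry.path === path); }
}

// Constructed users, file name and timestamps for the demonstration.
function demoTracking() {
  let minute = 0;
  const clock = () => `2024-01-01T09:0${minute++}:00Z`;
  const store = new TrackedStore(
    { "contract.docx": { alice: ["read", "write"], bob: ["read"] } }, clock);
  const attempt = (fn) => { try { fn(); } catch { /* denial is already logged */ } };
  store.write("alice", "contract.docx", "draft v1");
  attempt(() => store.read("bob", "contract.docx"));
  attempt(() => store.write("bob", "contract.docx", "bob's edit"));
  store.write("alice", "contract.docx", "draft v2");
  attempt(() => store.read("carol", "contract.docx"));
  return { history: store.history("contract.docx"), current: store.files.get("contract.docx") };
}

console.log(demoTracking().history);
```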
8: Actually use strong passwords
If keeping backups off the network should go without saying, then suggesting the use of strong passwords should really go without thinking. Unfortunately, however, 90% of all passwords can be cracked within a matter of mere seconds. This is one of the reasons companies like Facebook and Apple are pushing for two-factor authentication as standard. We as humans are hardwired to take shortcuts wherever possible, minimising energy spent on decoding and/or recalling information. Although this makes us efficient thinkers, it also makes us more vulnerable targets. Keyloggers, social engineering and phishing scams are just a few of the ways criminals try to guess our passwords, without trying to brute force their way in.
9: Get the right talent on your side
In business, you should always surround yourself with people you can learn from and the cloud is no different. Security as a whole is no longer the biggest challenge facing C-level execs. Getting the right expertise in place is now the biggest challenge instead.
This may be due to more businesses adopting the cloud without having the technical expertise in-house, or simply because businesses are now more aware of the threats they face and want to be in the know.
10: Educate every member of staff
If employees caused nearly 60% of security incidents in Experian’s Data Breach Industry Forecast, then why aren’t we helping employees to better protect themselves and company data? Your business should really be helping employees to spot phoney emails and to make better passwords at least.
11: One cloud isn’t enough
A lot of people think of the cloud as a silver bullet. However, if you put all of your eggs into one basket you’ll suffer the same shortcomings as in-house infrastructure. That’s why you should partner with a cloud vendor who uses multiple data centres that are geographically separate. Should the worst happen and the main data centre goes down, your cloud vendor can switch you over to the other, therefore minimising downtime.
In this blog, we only covered the first 11 areas to look into when securing the cloud. There are many more ways you can secure access to the cloud which we didn’t cover here, such as ‘defence-in-depth’ and network segmentation.
You can find the rest of our actionable points in the guide “8 Tips To Avoid Ransomware In The Cloud” below: