David Blevosky, CEO of Cloudhelix, highlights how securing your data in the cloud is straightforward and can protect your business against any expense and reputational damage caused by cyber crime.
There are more media stories around data breaches and security crashes than any of us would like. In fact, according to the latest DCMS Cyber Security Breaches Survey in July this year, a third of businesses admitted having cyber security breaches or attacks in the last 12 months. This kind of figure can fuel concerns, but with best practice, securing your data in the cloud can ensure you’re not affected by any damage that cyber crime can cause.
Cloud safety isn’t just a silver lining
It needs to be built into best practice, just as it would be for any computer in your company. Being cloud-based may mean less direct control over your infrastructure, but your data is still in your hands and will need proactive security management rather than a reliance on reactive cyber security.
The threat landscape is created by motivation: chancers randomly exploiting weaknesses, criminals looking for financial opportunities, disruption from state-sponsored attacks, and dissatisfied employees exacting their own brand of revenge. All are motivated to steal, lock down or destroy your data. But it doesn’t have to happen.
The good news you need to share within your company is that moving to the cloud will make security tasks, and therefore securing your data, easier. Security isn’t a bonus add-on: a multi-layered approach (defence in depth) with coordinated defences across your system will protect you against the multi-pronged attacks that are now everyday occurrences.
Getting your stakeholders on side
In the run-up to a cloud project, getting your stakeholders on side is going to be a lot easier than the awkward conversation you could be having in an emergency somewhere down the road.
Working with a cloud provider who understands your security risks will make this transition smoother, and will help the business as a whole understand what security management you, as the client, are responsible for. For example, with managed hosting services, the burden of staying safe can be shared rather than resting on you alone.
Best practice
With the right cloud provider, staying safe in the cloud can be taken care of. There are of course elements of best practice that you, your team, and the business as a whole will be responsible for, but we’ll get onto that. First – what can people like us do for you?
As mentioned above, when moving to the cloud, you lose control over physical security – but this is a good thing. Not many companies can meet the costs of protecting their data in-house in the same way that a cloud provider can. Expect manned security 24/7, recorded CCTV, biometric scanning, along with data loss protection against outages, natural disasters or even human error.
An example of human error can be found in managing vulnerabilities. Patch management is a process that can protect against exploitation but often isn’t carried out consistently because of other pressing issues. Working with a cloud provider will mean that burden is lifted, and monitoring and maintenance will be part of the everyday service.
Other elements to check for in what your cloud provider offers are:
- Encryption of data in transit, and at rest;
- DDoS mitigation;
- IDS – intruder detection solution; and
- Action log management.
Where can you and your team start?
Unfortunately, it won’t be all down to your cloud provider. For the business as a whole, begin by considering how much of your data is not needed. Reducing volume minimises risk, and you can start with the redundant, obsolete, or trivial. GDPR legislation brought in minimisation for customer files, but the principle can be applied across all your business data.
This can be established in a defined data deletion policy. Any kind of policy, including your main formal security policy, must be communicated and, more importantly, enforced throughout your business.
Of course, it’s not surprising that the biggest risk lies within. Your people, whether doing something they shouldn’t have, or not doing something they should have, can cause breaches. However, you can secure against this by:
- Appropriate, and regular, training;
- Communication on policy, and potential threats;
- Restricted admin access for software installs or all file access;
- Additional security levels with multi-factor authentication alongside passwords.
A holistic approach
For any business to be secure, technology, policy and people need to be combined. Technology does the majority of the work; the policy defines what data is needed and who can access it; and your people can then enforce this whilst taking a secure approach to their daily workloads. Add a cloud provider who understands this and your business into the mix, and you have a perfect approach to being secure on the cloud.