Protecting Your Data in the Cloud – 6 Steps
Is the corporate information you store in the Cloud really secure? Expert cloud consultants address these concerns and more.
One of the foremost criticisms against cloud computing is that the convenience it offers come at a high price: the security and privacy of your information. But few people know that this also happens to be one of the biggest myths of cloud computing migration .
The truth is that cloud services are very secure. As a matter of fact, most popular cloud servers are probably much safer than any traditional software program that has to be physically installed on each computer.
Case in point: even the Feds are starting to flock to the Cloud.
The U.S. Army, Air Force, Navy, DOJ, USDA, Department of Education and other federal government agencies are among some the first adopters of the Cloud, with more to surely follow. At the 2013 Federal Cloud Innovation Forum: Innovation Without Risk round-table in Washington D.C., IBM announced that they are launching a new center to help bring the Cloud closer to federal organizations by developing strategic and secure cloud servers.
Cloud computing companies like IBM and Microsoft know that true security is more than just tracking who (or what device) is accessing which file or program. Security is also about weeding out the real threats from false ones by analyzing streams of information to come up with a model of communications occurring on the Cloud.
To address these concerns, cloud developers hire some of the best security analysts in the world to test their product's risk potential. What's more, cloud applications are upgraded daily, or sometimes hourly, which make them significantly less “buggy” than most software you install and run on a physical server.
Why, then, is everyone so worried about cloud security?
The real threat to data protection in the Cloud lies not in the security capabilities of most cloud computing applications, but rather the mistakes that are made by users who access the data, allowing privacy breaches to take place.
For instance, suppose you are working for an oral surgery practice. The head surgeon and other doctors use a file sharing service like SkyDrive or Dropbox to store thousands of files relating to patient dental records, health information, personal addresses, contact numbers, and other confidential data onto the Cloud.
However, each doctor wants to access these files when they are outside the office as well, so they sync the data onto their personal devices (laptops, tablets, smartphones, etc). They then share these files with colleagues in other practices and organizations, and before you know it, hundreds of individual devices contain confidential patient records.
So the question is not How do we make the Cloud more secure?, but instead How do we make sure user mistakes and privacy breaches are minimized? .
More and more we are seeing employees, customers, business partners, suppliers and other company contributors accessing corporate data via the Cloud on their mobile devices. Fortunately, there are a few simple preventative measures you can take to protect your organization from these security risks:
- Know who is accessing what . Establish privileged users in your network—such as database administrators and employees with access to high value data—and train them on how to handle and maintain secure data appropriately.
- Limit data access based on device. Customize the degree of access a user can have to corporate data when logging on from a remote or private device. For example, a doctor may be granted full medical records at the hospital, but must go through additional security steps when trying to access the data through their mobile device.
- Take a risk-based approach to cloud security. Flag databases that have highly sensitive or valuable information, and implement extra encryption, monitoring, and protection around them.
- Extend security to mobile devices. Make sure company data is separated from personal data on mobile devices. Install a patch management agent to keep the software up-to-date, and regularly scan mobile application for vulnerabilities.
- Add business intelligence to data protection. Consider adding business intelligence solutions to provide analytics and insight into which users are accessing what content and applications.
- Build in an advanced security layer. The trick to security is finding meaningful warning signs of a potential threat or security risk. By adding a layer of advanced analytics, you can use this security data to provide real-time visibility into your cloud infrastructure.
While it is important to develop a plan for reducing risk and protecting data from leaks, it seems that doubts about cloud security are often used as the first excuse for not migrating to the Cloud. This is a mindset that needs to change.
“The great thing about security is that it can play the role of an excuse very easily—it can always be the ‘just because' reason,” said John Thielens, Chief Information Security Officer of Axway in a recent blog post. “It's really kind of an unfair game to play, to talk about security. I think even the word is the wrong word, that we should be talking about risk. There are risks from the old way and there are different risks for doing things the new way, the cloud way. People who just say no because of security are not really engaging in the right discussion.”
Start engaging in the right discussion by talking to an experienced Microsoft cloud computing consultant at Innovative Architects today.
We are happy to answer any questions or reservations you may have about migrating to the Cloud. And if you are ready to migrate from your existing server to the Cloud, contact us for a free cloud migration consultation today.