As companies migrate to the cloud for broader access to applications and scalable storage at a reasonable price, concerns about security in the cloud are rising. The 2012 SailPoint Market Pulse Survey found that over one-third of U.S. businesses have or plan to have high-risk data stored in the cloud, and more than 95 percent of those surveyed have security concerns about the cloud. While it can certainly be a worthwhile investment, there are several best practices you should follow to make your cloud computing experience safer.
Top Security Risks
Hackers and data thieves. While you run this risk when storing data in-house, you also run it in the cloud. If you select a shared cloud, your risk is greater, too—should a hacker breach another business’ security protocol, he could access your sensitive data because it’s on the same cloud. Security monitoring and data encryption mitigate this risk, but it cannot be eliminated.
Data loss. Simply moving your data to the cloud does not mean it is secure and free from loss. Investigate the cloud provider’s security and backup practices to ease worries.
Unauthorized access. While most cloud storage systems allow you to define access control, rogue employees or data center workers could gain unauthorized access to your data. Review access control after any cloud update, as privileges may reset accidentally.
Five Best Practices
Read the fine print. When selecting a cloud storage provider, read the fine print in the vendor contract. The word “shall” indicates that the vendor is obligated to perform that duty, while weaker words like “try” are no guarantee.
Perform regular backups. A secure backup is an important part of any cloud strategy. Although infrequent, you could lose data access if the cloud data center has a power outage, or a data thief could raid your cloud. As a best practice, store backups in another location. If that cloud data center is destroyed by fire, you lose access to all your data. If you have a secure backup in-house and another backup elsewhere, you can resume business.
Use strong passwords. Eighty percent of 2011’s computing security issues stemmed from weak administrative passwords such as password, welcome or 123456, according to the 2012 Trustwave Global Security Report. When an employees use strong passwords, they lessen the chance a hacker will gain system entry.
Stay plugged in. Follow cloud vendors, data storage providers and security experts on social media. If there’s a sudden security threat, spyware epidemic or other problem, these guys will tweet and post about it. Identity security expert @Lifelock posts valuable information on Twitter, including tips for security monitoring and insights into threats.
Keep sensitive data secured. Third-party vendors with access to your cloud could cause a data breach if their security policies are poor. Ask your cloud vendor whether third-party vendors will have access to data. For the most sensitive enterprise data such as prototypes, customer financial records or medical records, consider storing the data in-house if you have any doubts about the security policies implemented by the cloud provider.