I recently wrote an article for Cloud Computing Week UK discussing how IT teams generally approach cloud security and how we can change it for the better in 2015.
In 2014, businesses and individuals alike considered a plethora of opportunities to leverage the cloud. From iCloud for personal use to Office 365 for enterprises, there was a major shift to using online data storage and collaboration platforms. But we’ve come to learn that with opportunity also comes risk. These risks could result in potentially irrevocable damages for businesses – not only tarnishing a brand name, but also affecting the overall outlook on future technology or even the future of a company.
I recommend organizations implement different approaches for securing their cloud operations. Here are four ways to protect sensitive data from future attacks:
- Just-in-Time Access: With this method, access is granted on an as-needed and only-at-the-time-of-need basis. After the predetermined duration expires, the user loses access. This type of protection is most helpful when dealing with contract-based or temporary employees.
- Traceability: This helps overcome non-transparency concerns by reproducing and displaying the chain of events from log information indicating human operations, file transfers, and process activity as well as information from related systems – such as authentication and equipment management systems. This is traditionally achieved through the use of watermarking, auditing, and paper trails.
- Decentralization: This method attempts to improve speed and flexibility by reorganizing networks to increase local control and execution of a service. It also helps prevent maximum damage from data breaches by spreading data out across separate repositories.
- Front Door: Think of your organization as a home to your data. The primary point of entry in a home is the front door. Make sure you have a sturdy lock installed by preventing instances of accidental breach (e.g. users having too much permission, leaving passwords out in the open or too simple), social engineering, or exploiting password reset. Host training sessions for your employees on security best practices such as password design and storage.
2015 should be a year in which we do not fear the cloud or online services – it should be a year where we entrust providers like Microsoft, Amazon, Google, and Rackspace to safeguard our critical information on their platforms and fortify our efforts to guard the front door.
To read more about cloud security approaches, please visit Cloud Computing Week UK.
Learn how we can help your organization ensure a safe and seamless cloud implementation visiting our website.