Each year, investment in cloud platforms grows more than 20%
as an increasing number of companies begin to transition to virtual storage and operations. Moving to remote cloud servers comes with many benefits, including three important factors needed as a company grows: scalability, shareability, and a larger communication scope. Cloud operations remove the worry of updating servers if storage needs change or the company expands and moves. Files and documents are also accessible from any location and any device with the right log-in information.
The rise in popularity of SaaS and PaaS services has a lot to do with new, innovative companies offering customizable solutions to everyday corporate and technology needs, such as lead generation maintenance, process funnels, and payment chains. This sudden popularity, however, not only receives attention from investors and developers, but hackers.
As with any cybercriminal focus, cloud platforms are seen as a land of opportunity because the additional service expands the area available for a hacker’s reach. Before, the only hacking portal may have simply been a server within the company walls. Now, in addition to that server, there are payment processes and client lists lingering in the cloud. When you consider that in 2017 we may see 73%
of all data ever created located in cloud environments, it’s more important than ever to audit cloud platforms for security before making the investment.
Many companies wonder how secure this intangible platform—where so much important information and documentation is stored—can truly be. They wonder whether or not the keepers of the cloud are protecting it against hackers and threats and if there are checks and balances in place to keep providers honest.
These questions, while valid, may be looking to place blame in the wrong place. According to Symantec’s recent security report
, poor management of credentials by users
—not by cloud platforms—were largely to blame for information hacks.
Steps to mitigate these attacks begin with simple, user education as cloud onboarding begins.
- Vet the platform or provider before signing on the dotted line.
Research their privacy and security practices as well as any past breaches and ask up-front what they’ve done—and plan to do in the future—to ward off these threats.
- Once onboarding begins, IT teams need to properly configure accounts to the cloud.
Hardware and software settings will depend on the type of cloud platform being used and where their service is hosted in the cloud. Proper configuration enables company networks and the cloud to communicate, share data, and interoperate.
- When configuration is complete, keep a tight control on access to the cloud.
“Implement a roles-based access system to only allow access to the parts of the systems and data that are pertinent to the job function that the employee has been assigned,” says Gene Richardson, COO of Experts Exchange.
If employees have no direct day-to-day needs for accessing this information, limit access. Establish processes for those without access to request any one-off reports or data grabs from employees with access.
- Consider creating a 2-step verification process for log-in.
“For anyone with elevated privileges to business-critical cloud accounts, I've made it a requirement that multi-factor authentication is enabled,” says Phil Phillips, DevOps director at Experts Exchange.
It’s important that access is layered, especially if you’ll have a large number of employees accessing information on the cloud. Set reminders for employees to change passwords and access codes on a regular basis for maximum precaution.
- Log events and actions in the cloud to determine who is accessing data and when, giving you full disclosure to what’s happening to your information.
A good way to approach this heavy task is to employ someone in compliance, providing them details on who has access to what IT/cloud services. Make them the keeper of policies for daily activities as well as removing access for employees who leave the company.
- Keep tabs on any security protocol adjustments to the virtual infrastructure you’re using.
Changes to the cloud platform can mean a need for updating in-house frameworks and procedures. Also, request to be informed of any external, internet-based services approved by finance and management that may not have been installed or vetted through IT first. (For example: video production software, photo editing services, malware prevention, etc.)
- Deploy data encryption and install external services for security assistance.
If security remains a top concern, invest in effective protection technologies, such as encryption of data at rest or a Cloud Access Security Broker to act as a gatekeeper between your company’s infrastructure and the cloud platform. The practice of end-to-end encryption is a smart rule of thumb for companies accessing any information on the cloud.
Moving information to the cloud will soon be a given in most industries. The reduction in cost alone of moving to a cloud environment (around 41%
according to a study conducted by Immunio) is worth the move, not to mention the automatic backups that occur to protect company information in real time. If you practice caution and precision during the cloud transition and create a robust security plan to mitigate any possible attacks in the virtual space, chances are your company can enjoy a secure cloud experience.
Want more information on cloud security? Check out our Q&A with one of our resident experts.