Avoiding digital migraines: 4 best practices you need to know about cloud security
You can’t avoid the cloud. Some IT pros have chosen to embrace this maturing technology while others have dug in their heels and doubled down on local stacks, but here’s the bottom line: the cloud is coming.
Employees are using mobile devices on your network, leveraging cloud-based apps at work, and going around IT restrictions they deem too onerous. According to The Wall Street Journal, in fact, the average company now uses more than 1100 cloud services — and the number is growing 20 percent per year. Here’s the question: How do you beef up cloud security and avoid an ongoing digital migraine? Here are four best practices to stay sane:
Don’t go at it alone
As noted by SC Magazine, effective cloud security requires a diversification of risk. In other words — you can’t be responsible for everything. Make sure you know exactly what’s covered by providers in their SLAs; what are they on the hook to provide in the event of a compromise or breach, and in what timeframe? If they fail to meet these expectations, what’s the consequence?
You also need help from other staff members, specifically an executive contact who’s responsible for department-wide oversight. This could be the CSO, CISO or even CTO — title doesn’t matter here so much as where the buck stops. Without a hierarchy of responsibility and reporting, cloud security goes nowhere fast.
Test (and test again)
So you’re in the cloud. Chances are, your provider has decent security architecture in place since this is what it does for a living — but that doesn’t let you off the hook when it comes to testing. Consider this: A breach occurs and you’re on deck. Knowing your provider should swoop in and save the day is well and good, but it probably won’t prevent you from having a meltdown during the wait. Better bet? Set up an active testing protocol. Test, then test and test some more. Test multiple failure types and response scenarios so that if (when) a cloud security problem comes up you’re already on the move.
Want to make your life easier? Start by doing something that isn’t so simple: encrypt everything. Encrypt it at rest. On the move. In storage. Hold the keys, and don’t give them to your cloud provider — it’s not its job to know what you’re storing or moving, only to do so safely and indefinitely. This may take some work, since executives often balk at the amount of work required for end-to-end encryption, but it’s worth the fight if someone does hack the cloud but can’t get anything useful from your data because it’s all just encrypted gibberish. End result? You stay sane and data stays safe.
Don’t be passive with passwords
With two-tier authentication quickly becoming ubiquitous and tech like biometric scanning on the horizon, it’s easy to get passive with passwords — after all, chasing front-line staff and executives alike to change them every six months is a hassle. Consider this though: The two most popular passwords in 2015 were “123456” and (brace yourself) “password.” While it’s tempting to wait on better security to solve the password problem, many existing logins are so bad they’re basically giving away company secrets. To stay sane, crack down on weak password creation.
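One way to crack down at password-creation time, shown as an added example that is not part of the original article: a screening function that rejects common passwords even when they are dressed up with capitals, character swaps or a trailing year. The function name, the tiny constructed denylist, the context-word rule and the 12-character minimum are all assumptions for illustration.

```python
import re
import unicodedata

# Constructed sample denylist (assumption); a real deployment would load a
# large common/breached-password corpus instead of these five entries.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "welcome"}

# Undo the usual character swaps so "P@ssw0rd" is compared as "password".
LEET = str.maketrans("01345@$!7", "oleasasit")


def variants(password):
    """Return normalized forms of the password to compare against the denylist."""
    lowered = unicodedata.normalize("NFKC", password).lower()
    # Drop a trailing run of digits/symbols such as "2015!!" or "1!".
    stripped = re.sub(r"[\d\W_]+$", "", lowered)
    forms = {lowered, stripped, lowered.translate(LEET), stripped.translate(LEET)}
    forms.discard("")
    return forms


def screen_password(password, context_words=(), min_length=12):
    """Return a list of rejection reasons; an empty list means accepted."""
    reasons = []
    forms = variants(password)
    if len(password) < min_length:
        reasons.append("too_short")
    if forms & COMMON_PASSWORDS:
        reasons.append("common_password")
    # Context words: company name, product name, username (4+ characters).
    words = [w.lower() for w in context_words if len(w) >= 4]
    if any(w in f for w in words for f in forms):
        reasons.append("contains_context_word")
    if len(set(password)) < 5:
        reasons.append("low_variety")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["123456", "P@ssw0rd2015!!", "Acme-Cloud-2024!",
                      "correct horse battery staple"]:
        print(candidate, "->", screen_password(candidate, ["Acme"]) or "accepted")
```

Run the check wherever passwords are set or changed, so a rejected choice never reaches the credential store.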
Security in the cloud is no easy task — to avoid IT headaches, always have company, test (test, test), encrypt everything and don’t back down on picking better passwords.