Technology has changed the way businesses operate. It's enabling them to be more agile, grow quicker and allowing employees to work seamlessly anytime, anywhere whilst keeping data secure in the cloud.
Despite numerous headline stories relating to serious data breaches by large organisations, there can sometimes be a sense that businesses are in denial, that this kind of attack won’t happen to them. Alternatively, in this fast-moving cyber-security landscape, businesses are unsure of the best course of action to take to protect their data.
One thing that is certain is that the statistics relating to cyber attacks and crimes are ever increasing.
So, what steps can your business take to ensure it’s keeping its data as safe as possible in the cloud?
Every business is different so it’s important that when choosing a cloud provider they demonstrate that they understand the needs of your organisation and the requirements that you have for your data.
For example, you may have to adhere to certain regulatory requirements. Can the provider ensure you will be compliant? Make sure your provider has the appropriate industry accreditations and certifications to back up their claims. Also understanding the types of organisations they are currently working with provides a good indicator of who’s already putting their trust in their capabilities.
And finally - it can be painful but it’s essential! Go through contracts and SLA’s with a fine-tooth comb to ensure you fully understand the service that you’re signing up for.
It’s important to review the types of data that your organisation holds, some data will be more sensitive than others and will therefore require different levels of security to be applied. For example, some data should only be accessed by certain employees and so on.
In the first instance, encryption will form the backbone to securing your files, ensuring files are protected before they are saved to the cloud. You can also partner with a cloud provider that offers Software as a Service (SaaS) this will manage the encryption and decryption of files for you.
You can then also explore more sophisticated security tools such as credential management for limited access to more sensitive data.
It’s also important to keep in mind that data has different states, data in transit, data at rest and data in use - make sure that you're taking measures to protect your data appropriately in all states.
It’s important to assess what your data access points are across your business - here's some examples you'll want to consider:
Making a full list of where and how your company’s data can be accessed, and whether these locations are covered by your security processes will quickly reveal any glaring omissions in your current security processes.
Once you’re aware of all the potential access points throughout your business, it’s time to ensure that there’s a security system in place – whether that’s something as simple as enabling two-factor authentication for critical user accounts or implementing a fully functional secure firewall.
We've just alluded to this in the point above and the answer is yes! Mobile and remote working, employees connecting to wifi hotspots and BYOD policies are blurring the lines of the network perimeter.
This is where a next generation firewalls come into play – designed to protect your cloud environments (public, private and hybrid), your network perimeter and internet access. An example of a next generation firewall, Touch Secure, can be found here.
All employees need to play their part to plug any potential security gaps you have identified. It’s important to educate the business so they understand the role they play in keeping data secure. Information will empower them to be vigilant of any incoming security threats, such as malicious emails or suspicious content.
Also be clear on what action people need to take, who do they report to if they come across a suspected security breach? Remember to make company policies around data and security readily available to avoid any discrepancies over what is expected from employees.
Can you imagine getting to work to find you were unable to access any data or business applications? Your organisation would come to a complete standstill – in fact periods of severe down time can destroy a business.
So if your cloud provider's data centre burns to the ground or gets struck by an earth quake, what happens next? You need to know what their back-up plans are to ensure seamless business continuity.
Working with a cloud provider that has multiple points of presence gives you peace of mind that if disaster does strike your data is safe and business can continue uninterrupted.
If you're business wants more information on developing and implementing plans to keep your data secure in the cloud - download our cloud kick-start guide.