What's the biggest mistake companies make when moving their data and operations to the cloud?
They think cloud services and storage mean data security is now the provider's headache. But that's not what you are buying.
Read the Ts&Cs of many cloud operators and you'll find you're signing up to a partnership of shared responsibilities.
Yes, cloud service providers carry the cost of maintaining an IT infrastructure that's beyond the budget of most small businesses to build for themselves.
But if data is lost – or worst still, you get locked out of your own cloud account - because of poor business practice or employee mistakes … well, that's on you.
Here are five simple tips to ensure you enjoy the benefits of the cloud while minimising the security risks.
1. Use multi-factor verification.
Many cloud operators offer their customers the option to add extra layers of security to the log-in process. Rather than just a single password, you can require a unique PIN code to be sent to your phone by cloud services like Google apps. Why is this important? Well documented data breaches that include password data and even more common threats like phishing – which has been around since the late 1990s – is still a growing trend. We're still clicking on bogus links in emails and inadvertently giving away data and passwords. That extra layer of security at the log-in process might sound painful, but it also makes it harder for hackers to break in.
Check before you sign-up to a cloud service that the data you upload and download will be encrypted both in transit and at rest by the provider. If it's not, there's a potential “attack vector”: stealing your data while it's on the move from point to point. If it's file storage you're using then consider encrypting your data before you upload it to the cloud. It's an effective way to add an extra layer of security to your confidential information. Sadly, most organisations fail to implement it.
3. Secure your endpoints
The cloud means that your data effectively follows you around. The great benefit is, of course, that you can access what you need, when you need it, wherever you are. But that's also the problem. You might be secure in the cloud, but lax in your security “on the ground” – in other words, the device and the network connection you use might make your data vulnerable. So ensure laptops and mobile devices have security software in place. There are good free solutions on the market. But also be very wary of accessing cloud data in public places or via public networks, secure them using a VPN to stop anyone from snooping.
4. Delete what you don't need
The final two tips are about good housekeeping. When your cloud storage service reports that you're using less than half your data allowance, there seems little incentive to delete old files. But it's good security practice to only keep what you need – the files you need either for legal compliance or day-to-day operations. It's easy to forget what sensitive information lies in old documents. Their value to you might have diminished over time, but their value to a hacker might be significant. So get into the habit of a regular clear out of old material – and not just a spring clean … this is a tip for every season.
5. Always back-up
And finally, give yourself a fail-safe option for your data. Back in the days of floppy disks, CD-ROMS and diskettes in the 1980s and early 1990s, it was part of the rhythm of working life to regularly back-up your most important work. Unreliable hardware or glitchy software made having data stored elsewhere a business critical issue. System crash? All you needed was to boot up on another device and use the backed-up version of your data. Hardware, software and cloud services are far more reliable these days. Regular off-line back-up remains a sensible process. With cheap, reliable external hard-drives available that can store terabytes of data, it's a small investment in creating a contingency option you hope never to need. Make sure you encrypt the backup and protect it with the same level of security you have on the live data.
All the latest data shows cloud services are growing – fast. The ease-of-access and relatively low operating cost makes them an attractive option to small business. Just be sure that when you're looking to reap the benefits, you're protecting your business from the pitfalls too.
Contributed by Tony Anscombe, senior security evangelist, AVG Business