Guidelines to improve Cloud Security
Almost every business nowadays is using cloud services for most of their critical business applications. Some of the most popular include Microsoft Office 365, Salesforce, Dropbox, Adobe, Google G-Suite… and many more.
Businesses store a great deal of very sensitive data in the cloud, more these days than ever before. Amazon, Google and Microsoft certainly offer the most secure environment anyone could hope for.
Nevertheless, even if the cloud services do a great job of protecting the company’s data, they cannot protect it when the data leaves the cloud to interact with other systems. And exactly this happens every day, since employees access, download and transfer data from all sorts of devices in all sorts of places. Security breaches are very rarely caused by poor data protection; they are mostly due to human mistakes.
However, there are ways in which companies can protect cloud security. The most successful ones include:
- Deploy Multi-Factor Authentication (MFA)
We are all aware that traditional username and password combinations are usually insufficient to protect user accounts from hackers, and we all know that stolen credentials can give hackers access to a company’s online business data.
To improve protection, it is highly recommended to use multi-factor authentication, also known as two-factor authentication, to guarantee that only authorized personnel can log in to cloud apps and access sensitive data. Most security experts consider it negligent not to implement MFA.
- Manage the User Access to Improve Cloud Security
The number of employees who have access to each application, piece of information and file should be managed. Each employee should be able to view or manipulate only the applications or data needed to do his or her job.
This helps prevent an employee from accidentally leaking or editing information that he or she isn’t authorized to access. And if an employee who has access to everything gets tricked by a malware email, the hacker gets the keys to the whole company!
In order to take away the burden of user access and management, a company could simply employ a qualified IT consultant.
- User activities should be monitored, logged and analyzed using automated solutions to detect intruders
Monitoring helps the company’s manager notice events that differ from the usual ones, such as a login from an unknown IP address or device.
Such events can indicate a breach in the system, so following up on them and fixing security issues beforehand can help prevent mayhem.
Some of the solutions could be:
- Vulnerability Scanning and Remediation
- Endpoint Detection and Response.
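One way to automate the check described above, flagging logins from IP addresses or devices a user has not used before. This is an added example, not from the original article; the log format, the field names and the /24 grouping of IPv4 addresses are assumptions, and the log lines are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample sign-in log; the format is an assumption for this example.
# Fields: timestamp user source_ip device_id result
SAMPLE_LOG = """\
2024-03-01T08:02:11Z alice 198.51.100.14 laptop-a1 success
2024-03-01T08:15:40Z bob 198.51.100.27 laptop-b7 success
2024-03-02T08:05:03Z alice 198.51.100.90 laptop-a1 success
2024-03-02T23:41:09Z bob 203.0.113.55 laptop-b7 success
2024-03-03T02:13:57Z alice 192.0.2.200 unknown-77 failure
2024-03-03T02:14:20Z alice 192.0.2.200 unknown-77 success
2024-03-03T09:00:00Z carol 198.51.100.33 laptop-c3 success
"""

def parse(line):
    ts, user, ip, device, result = line.split()
    # Compare /24 networks so address changes inside one office subnet do not alert.
    net = ipaddress.ip_network(f"{ip}/24", strict=False)
    return {"ts": ts, "user": user, "ip": ip, "net": net, "device": device, "ok": result == "success"}

def detect(log_text, baseline_until):
    """Learn each user's networks and devices before baseline_until, then flag deviations."""
    nets, devices = defaultdict(set), defaultdict(set)
    alerts = []
    for line in log_text.strip().splitlines():
        e = parse(line)
        u = e["user"]
        if e["ts"] < baseline_until:  # learning window; ISO 8601 UTC timestamps sort as text
            if e["ok"]:  # failed logins never extend the baseline
                nets[u].add(e["net"])
                devices[u].add(e["device"])
            continue
        reasons = []
        if u not in nets:
            reasons.append("no baseline for user")
        else:
            if e["net"] not in nets[u]:
                reasons.append("unknown network")
            if e["device"] not in devices[u]:
                reasons.append("unknown device")
        if reasons:  # flagged events are reported and never added to the baseline
            alerts.append((e["ts"], u, e["ip"], e["device"], e["ok"], reasons))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG, "2024-03-02T00:00:00Z"):
        print(alert)
```

A failed attempt followed by a success from the same unknown network and device, as in the constructed alice entries, is the pattern most worth a manual review.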
- Create a comprehensive off-boarding process to protect against departing employees
When employees leave a company, it should make sure that they no longer have access to its systems, data, customer information or any other property.
A company needs a systematic deprovisioning process to ensure that all access rights of each departing employee are revoked.
- Regular anti-phishing training for employees
Hackers can get access to secure information by stealing employees’ login credentials, usually through phishing, spoofed websites or any kind of social media spying.
Phishing training should be “ongoing”: it is a continual process that needs to be managed by someone within the organization so that it can be highly effective!
- Cloud-to-cloud backup solutions
As mentioned previously, the odds of losing a company’s data because of the cloud provider’s mistake are very low, but the odds of losing it due to human error are extremely high.
Most cloud providers, including Microsoft, do store deleted data for a short period, but if an employee accidentally deletes data, and a hacker obtains an account password and corrupts the data – there is nothing Microsoft can do past a certain period.
Companies that must abide by strict regulations are turning to cloud-to-cloud backup solutions. There are many of them on the market today, and many IT consulting companies can help determine the best solution for a given company.
Cloud computing is definitely more secure if the right precautions are taken. Relying on experienced IT professionals and following industry best practices in installing, provisioning, selecting and managing cloud services can help a company get the most out of cloud computing while still maintaining a high level of security to protect sensitive data.
Source: Secureworks, Carnegie Mellon University