Although cloud computing can be counted as one of the biggest trends of the moment, it is presenting data and security challenges, particularly in the complex threat landscape we live in today.
Cloud brings a new consumption and delivery model that enables businesses to quickly deploy resources, which can be scaled up and down, with processes, applications, and services, all provisioned on demand. The advantages are obvious, and more and more users want to access cloud applications on smartphones, tablets, wearables and other pervasive devices.
When it comes to businesses, the big questions with cloud security are essentially “where is my data” and “who will be able to access it”. There’s also the question of “how will I be able to maintain oversight and governance of my data that is stored in the cloud”.
Robert Brown, CEO at DRS, a Cognosec company, says cloud security isn’t a simple issue. “Some view cloud security as a data centre challenge, some see it as a software issue, and others look at is as a data or device access issue. The truth is, securing the cloud really means finding out how to apply all these measures to your end users.”
He says there’s no question that cloud security services are maturing, bringing a cloud delivery model that has security delivered in cloud services more and more. “When looking at cloud security, a business has to get a firm understanding of the changes that that are involved in embarking on a cloud journey.”
Cloud doesn’t change the security basics, Brown adds. Businesses still need to look at a couple of crucial factors, namely whether security has been designed into how they build the cloud, and if security meets the specific requirements of the cloud environment.
Then there’s the question of who’s responsible for vulnerability scanning, managing software updates, and applying patches.
“The first thing to do, is to read the user agreement with your cloud provider. If you are unsure what cloud storage to choose or if you have any doubt about how one service differs from another, read the user agreement of the service you are planning to sign up for. This should answer any questions you have about their security measures and practices, as well as the areas they are responsible for,” Brown says.
Something else to consider is not storing your most sensitive information on the cloud, or on a public cloud in any case, he says. “Keep critical data away from the virtual world, or if this isn’t an option, focus the majority of your security efforts on securing that information.”
Next, he cites encryption. “This is undoubtedly the best way for a business to protect its data. In a nutshell, cloud encryption is a service offered by cloud storage providers whereby data, or text, is transformed using encryption algorithms and is then placed on a storage cloud. However, again, read your service provider agreement, because the cloud encryption capabilities of the service provider need to match the level of sensitivity of the information being stored.”
Finally, use and enforce the strongest passwords possible. “Stop picking the easy ABCDE or 12345 options. A mixture of upper and lower case, special characters and suchlike is a must. And don’t use the same password for everything. It surprises me that we still have to talk about it, but it’s alarming how many businesses get hacked because individuals opt for ‘easy to remember’ passwords.”