The cloud can be of considerable benefit to organizations in reducing costs and speeding up time-to-market. But many companies are reluctant to fully embrace the cloud due to concerns over cloud security.
Problem is, employees are used to using cloud apps, and they don’t always wait for the IT team to give them the go-ahead to use them – with company data.
However many cloud apps you think your employees are using, multiply that by about a factor of 10 to get an idea how many they’re really using.
In a 2013 study, Stratecast found that more than 80% of survey respondents admitted using non-approved cloud apps for work. Only 19% of non-IT workers and 17% of IT workers said they did not use any non-approved apps. Scary, right? Well, there’s a lot you can do to take control and make cloud data security a priority throughout your organization. Here are 4 steps you can take to improve cloud data security.
“C’mon. What are the odds they’ll find out? It’s just a few credit card numbers, social security numbers, medical records and old prom pictures.”
1. Establish a Baseline
To know which direction to take, you need to know where you are right now. Creating an inventory of cloud services employees are using by combing through log files from proxies and firewalls probably isn’t anyone’s idea of a good time, but it tells you what you need to know, good, bad, or indifferent. Your employees don’t read the 20-page terms and conditions every time they sign up for a new app, and that fine print often contains important information about who owns any intellectual property uploaded to the site, and what happens to it if the provider goes out of business. This may be a painful first step, but it’s critical.
2. Have a Plan for Protecting Data Stored in the Cloud
Just because you’re not storing your data on-site doesn’t mean you don’t have to worry about backing it up. Some organizations keep backups on the premises, and others ensure their cloud providers have copper-riveted guarantees about backups and data loss. Fact is, it’s more important than ever to make sure data stored in the cloud isn’t lost. Cloud providers’ data protection standards vary, and they need to align with your own organization’s standards, so ensure that they do before trusting them with your valuable data.
3. Develop a Security Policy and Enforce It Consistently
You really can’t just randomly enforce your data security policy and expect it to be effective. By regularly auditing enforcement across your proxies and firewalls, you help ensure that nothing slips through the cracks. Remember: when you start allowing formerly disallowed apps, depending on how your firewalls operate, you may have to allow a whole category of apps once you grant that exception. You may think that by allowing a specific app, you’re opening the door just a crack, when in fact, you’re taking it completely off the hinges.
Will your firewall let Marketing use Twitter without having to allow all and sundry social media applications?
4. Do What You Can to Mitigate Risk
You have many options for mitigating risk, from using multi-factor authentication on company-approved cloud services, to using encryption, to maintaining control of encryption keys so your cloud services can’t access your data. Critical security breaches not only cost a lot of money to fix, they can lead to legal actions and damage to your organization’s reputation.
And don’t forget that threats to security can originate inside your organization or of the cloud provider you use. Risk mitigation requires that IT walk a fine line between protecting from the very real threats out there and allowing employees enough freedom to do their work efficiently and effectively. You can’t ever take your eye off the ball when it comes to vigilance against malware.
Your IT team has a huge responsibility when it comes to ensuring cloud data security measures up. The tools they use to run the IT service desk and to provide IT asset management can help them meet these responsibilities better.
About Laura Miller
Laura Miller is the Senior Director of Sales Operations, ITSM at SolarWinds. She works one-on-one with customers ranging from SMB to Fortune 500, providing them with a modern way to look at service management. Laura's ITIL experience and ITIL v3 Foundations certification provides her with a unique understanding of the service management industry. Her guilty pleasures are anything chocolate, ice coffee, and reality TV.
Read more articles by Laura