In the past several years, we've seen a dramatic revolution in the acceptance of cloud computing among enterprises: from a supposed security risk to a widely used best practice. 96 percent of companies now use the cloud in some form or fashion, and 64 percent of IT professionals agree that the cloud is more secure than legacy on-premises systems.
Despite this perception, however, there are still steps that you should take to protect your applications and data in the public cloud. Below, we'll go over 4 tips that you can incorporate into your organization's cloud strategy.
1. Vet your vendors
A number of high-profile cyberattacks, such as the Target and Home Depot data breaches, occurred when hackers were able to breach the company's defenses using the credentials of a third-party vendor or partner. For these businesses, learning to choose the right vendor was a lesson worth tens of millions of dollars—and untold more in lost reputation.
Your public cloud vendor should have an IT security policy that's at least as stringent as your own. Look for offerings such as VPNs and firewalls that can protect information both at rest and in transit. If you're in an industry such as healthcare or retail that has special requirements for handling data (e.g. HIPAA and PCI), your partner should have prior experience in working with clients like you.
After you've selected your cloud partner, work to align the two companies' internal IT standards and procedures, so that your data will remain protected throughout the partnership.
2. Use strong authentication
At a minimum, users who are authorized to access data in the public cloud should use strong passwords with a minimum length and degree of complexity. For especially sensitive information, however, many organizations are exploring the use of multi-factor authentication.
Beyond simply entering a password, users may have to answer "challenge questions" about their identity, or type in a code sent to them via email or SMS. They may even be required to use biometric IDs such as fingerprints or voiceprints.
Even with strong authentication methods, "insider threats" may inadvertently or intentionally leave data exposed to the wrong people. To prevent this, install logging and monitoring software that can detect suspicious activity, such as repeated attempts to access an unauthorized file.
3. Encrypt your data
85 percent of organizations admit that they store at least some of their sensitive information in the public cloud. To be sure, your data is likely much safer in the public cloud than it is on-premises, where it would be subject to physical as well as virtual attacks.
Nevertheless, migrating to the public cloud entails putting a certain degree of trust in your cloud provider. The only way to ensure the security of your information in the public cloud is to generate your own encryption keys and encrypt the data before pushing it to the cloud. Use a secure algorithm such as AES, and hand out the encryption and decryption keys only on a need-to-know basis.
4. Install updates regularly
Some of the most devastating cyberattacks, such as the 2017 Equifax data breach that affected 143 million people, have occurred due to the simplest of errors: a security vulnerability that already had a patch available, but was not installed.
While updates and security patches are often automatic for applications and hardware in the cloud, double-check your vendor's policy to ensure that you're covered.
The public cloud, protected
If you have additional questions about how your organization can make the best use of the public cloud, we suggest reaching out to an experienced cloud consultant. There are a number of options available, and it’s important that you choose the solutions that are best for your business.