By finding a way to effectively safeguard data in the cloud, enterprises can begin to fully maximize the business potential of cloud offerings.
UK - (PRWEB UK) 9 January 2013
London: Today, issues of risk, data privacy, and compliance are the chief inhibitors to most organizations’ adoption of cloud services. In fact, Gartner Group identifies data location risk, risk of data loss, and data security risk as three of the top five barriers to cloud adoption. While security can be seen as an obstacle to the broad adoption of cloud computing, it can in fact be an enabler. By finding a way to effectively safeguard data in the cloud, enterprises can begin to fully maximize the business potential of cloud offerings. These five steps are simple, easy to follow and will heighten corporate data security when stored in the cloud.
1. Physical security of the infrastructure
When choosing a cloud service provider, ensure the infrastructure itself is physically secure enough to provide an extra layer of security than that of existing corporate infrastructure. Data should be stored in vaults, racks or cages to make a physical breach near-to-impossible and should be followed up with security procedures and protocols such as on site monitoring and biometric access, which limits not only forced access but also opportunistic access.
2. Strong password requirements
It’s important for employees to use a different password for corporate email inbox than for any other login details. An inbox is the centre where all password resets would be redirected should a user require them to be changed. An inbox is also the key to all other online assets, so minimise the chance of a breach and create a strong and unique password. A strong password can be formed on the basis of a memorable word or date but should incorporate lower and uppercase as well as numbers and letters. Organisations should also consider using a 2 factor authentication process to protect inboxes, such as signing in with a code as well as usual login details.
3. Reducing risk with encryption
Encrypting your data makes it unreadable for people who aren't supposed to read it, it’s also a deterrent to hackers - a bit like a padlock on a bicycle. Encryption is especially important for companies which store financial data, employees' personal information, or proprietary secrets in the cloud. It is a wise idea to encrypt any data stored on off site backups, or redundant infrastructures, don’t become complacent.
4. Who has privileged access to corporate data?
Many employees have several options at their disposal to access and copy sensitive information, often in undetected ways. One way to resolve this is through separation of duties, ensuring that the activities of privileged third parties are monitored by in house staff, and that the pieces of the solution on the cloud side of the network cannot be defeated without raising alerts. IT decision makers also need the ability to closely monitor individual data assets (for example, a credit card table), regardless of the method used to access it. Look for a system that knows when the data is being accessed in violation of the policy, without relying solely on query analytics.
5. Auditing cloud services providers
Cloud providers should be willing to provide users with documentation regarding their data centre protection strategies. IT decision makers should be vigilant towards exploring the range of data protection solutions offered by the provider. Imperative elements that should be considered while auditing cloud providers are:
- Possible events
- Power Grid/Communications Considerations and Contingencies
- Proximity to ‘prone-to-danger’ locations (e.g. any water body or any potential terrorist target areas like airports, seaports)
- Vendor’s DR emergencies
Google go further to protect corporate data in the cloud by supporting 2 Factor for its Google Apps suite. As well as an added layer of security, 2FA offers a number of other benefits. Intelligent systems will offer reduced systems access when physical presence authentication is employed by users who have forgotten their passwords. Keystroke logging, password trapping and "shoulder surfing" will no longer be a problem.
Google also gives organisations complete control over who individual users wish to share documents with. Google Docs provides options to share with everyone in an organisation, select people within, only users with the link, to anyone in the public and more. This allows for different security and privacy levels dependent on the level of confidentiality surrounding each file and or folder.
Netpremacy Global Services provide Google Enterprise solutions, a full portfolio of IP services including national and cross-border MPLS networks and security services to thousands of organisations in over 33 countries around the world. Their fortnightly newsletter provides insightful industry news on security, connectivity and cloud computing trends. To subscribe to their newsletter click here.