So, what exactly is ‘the cloud’?
Unsurprisingly, ‘the cloud’ has absolutely nothing to do with those white fluffy things in the sky. Essentially, the cloud is a way of storing and accessing data on a server separate to your corporate network. To enable the effective running of popular cloud applications like Dropbox, there are often numerous internet-connected computers situated across the globe. ‘Cloud Computing’ simply uses the internet and remote servers to store data. This allows businesses to use applications and access corporate information using any device which is connected to the internet. Because of the ease of use, many businesses now use multiple cloud applications and systems. While this migration to the cloud can be highly beneficial, having sensitive data stored on numerous unprotected servers can cause huge security challenges.
What are the benefits of cloud migration?
- Highly scalable - Cloud infrastructures can scale on demand to accommodate fluctuating workloads and traffic. For instance, if you need more bandwidth and storage around Christmas or Black Friday, cloud applications offer the agility to adapt to these needs.
- Increased collaboration - Cloud applications allow your teams to access and share corporate documents from any internet-connected device. This enables colleagues to work collaboratively by working on shared documents and viewing real-time updates (for instance using Office365 or Google Drive).
- It enables remote working - Cloud applications empower businesses of all shapes and sizes to implement remote working policies. As long as you have an internet connection, your employees can be online and working. Many popular applications also offer mobile apps. This can vastly improve employee productivity.
- Cost effective - Cloud computing dramatically cuts costs as you don’t have to fork out the funds for expensive hardware. Cloud applications usually allow you to pay on a monthly subscription basis, which eliminates cash flow concerns.
- Ease of set up - Cloud apps are usually super easy to set up and manage, which takes the worry away from your once complicated IT project. It has never been easier to take the first step towards cloud adoption.
But… Cloud adoption does not come without challenges
Businesses around the globe are continuing to flock to the cloud as it gives them access to scalable services they may not have been able to afford. However, in this race to cloud migration, many businesses are failing to take the necessary security considerations into account. Despite its rapid growth, cloud computing introduces the risk of cloud security breaches, which can have a devastating effect on an organisation that is unprepared. Consequently, the security of data is a key concern for many IT professionals who are tasked with leading a migration to the cloud.
Businesses should not assume that their data is automatically secure if it is stored in a cloud application. To successfully migrate to the cloud, organisations must implement the necessary security controls and processes to ensure that their data is safeguarded from online threats. At the very least this should involve 2-factor authentication, end-to-end encryption, access control, using a VPN and so on.
How can you protect your business from cloud security threats?
The password era is over. Simply using a username and password to access cloud applications is insufficient protection for corporate accounts. If hackers were able to steal your password, they would have the key to open your private systems (and potentially others too if your employees recycle passwords). To prevent unauthorised personnel from accessing your accounts, it is important to implement 2FA. This is an additional security hurdle which dramatically reduces the risk of being compromised. Some cloud applications offer their own 2-step verification processes. You can also implement solutions such as Cisco Duo which can be used for multiple cloud applications.
Umbrella can expose shadow IT by detecting and reporting on the cloud applications across your infrastructure. It automatically generates overview reports on the vendor, category, application name, and the volume of activity for each discovered app. The drill down reports include risk information such as the web reputation score, financial viability, and relevant compliance certifications. This insight enables better management of cloud adoption and risk reduction.
Backups/ disaster recovery
If you fail to take regular backups or have a disaster recovery plan, the risk of permanent data loss is high. To lower this cyber-risk (and for peace of mind), take regular secure backups of data stored in the cloud. This means that if you do suffer a breach, you would still be able to carry on with ‘business as usual’.
Human error is still the number one cause of data security breaches worldwide. It is important to offer regular cyber awareness training for your entire workforce. This should encourage them to take ownership of Cyber Security best practices so they can become an active participant in implementing your security strategy.
To effectively protect your cloud data you need to know exactly who has access to what information. Most employees don’t need to have access to every application or data source as it increases the risk of data loss. For example, if one were to click on a phishing link and provide their login credentials, a hacker would have access to a treasure trove of information. To protect the integrity of these systems, employees should have the correct level of privileges. This means they cannot make unwarranted changes to systems which should be controlled solely by the administrator. With Cisco Duo you can enforce granular access control policies which are based on role, location, network and more.
80% of hacking-related breaches are still tied to compromised, weak or re-used passwords. To avoid becoming part of this statistic, businesses need to be enforcing mandatory password policies. This should involve using different passwords across all accounts, updating passwords on a regular basis and using passwords which are not easy to guess through social engineering. This may seem like a tall order, but it is easy to implement by using password managers such as LastPass. LastPass can also analyse the password habits of your employees and give them ‘security scores’. This helps to identify employees who recycle or use weak passwords (which could be exposing your business).
When working remotely you should always use a VPN to ensure that your connection is secure and encrypted when using the internet or accessing sensitive data. If you do not use a VPN there is the risk of Cyber Criminals being able to ‘eavesdrop’ on your online activities.
Do you need support with securing your cloud infrastructure?
Here at Equilibrium we are cloud security experts. If you would like to get in touch to discuss implementing a bespoke cloud security strategy unique to your business, please use the contact details below. If you would like to find out more about Cisco Duo 2FA, visit our web page.