Whether it’s uploading vacation photos to Dropbox, watching a movie downloaded from the cloud while on a plane, teams collaborating through Google Drive, backing up data stored on devices, or generating invoices and accepting online payments, cloud computing has become a daily part of life for many of us. And for businesses looking to maximize resources, reduce costs, and increase efficiency and profitability, the cloud is how to make that happen. That said, there are very real risks to having sensitive data stored in the cloud.
Cloud Tech: Benefits and Risks
Cloud impacts businesses of all sizes in myriad ways, making our jobs easier and businesses so much more productive. Despite being a technology with such game-changing capability, there is one perceived “fatal flaw” that makes a lot of businesses hesitant to make the leap to cloud-based operations, and it’s no doubt something top of mind for you as well: security concerns.
What’s surprising though, is this statistic: According to a global survey conducted in 2014 by U.K.-based communications service provider BT Group, 79 percent of respondents in the U.S. are embracing cloud storage and Web applications for their business needs, despite expressing a lack of confidence about cloud security. Are they jumping aboard a bandwagon they don’t trust?
For those of us in the IT space and who are in the business of marketing and selling cloud-based services, these issues are discussed on a daily basis. We not only talk about risk management within our own organizations, but we work to reassure clients that we know how to mitigate those risks.
Risks of Cloud Adoption and How to Make it More Secure
Recent studies have identified the biggest cloud related threats as data loss, service traffic hijacking, insecure interfaces and APIs, denial-of-service attacks, malicious insiders, cloud services abuse, lack of due diligence, and shared technology vulnerabilities.
In addition, many of today’s organizations are susceptible to yet another risk: Cloud usage within organizations without the implicit knowledge of the IT department. Everything from the slew of scandalous celebrity photo leaks to the breaches in the retail and government sectors have stoked the data security controversy. It’s no wonder people are skittish about whether the critical data and business information we have all uploaded are truly secure.
There’s no denying that there is much at stake, but IT teams can help their clients understand the importance of heightened security measures so that businesses of any size can make their cloud computing as secure as possible. Some steps include:
Implementing single sign-on (SSO). A single sign-on implementation will help you and your team create a manageable authentication mechanism for all users and applications. With this, you can protect your clients’ data and other information from hackers who generally take advantage of weak password practices, while also making it easier and faster for you to provision or de-provision user accounts.
Using API authentication mechanisms. API authentication mechanisms can effectively block threats such as replay or man-in-the middle attacks. Explaining their importance to your clients and activating these API mechanisms to ensure that commands can only be issued by properly authenticated endpoints can go a long way toward keeping their data safe. This step can also detect whether messages are authentic or have been tampered with.
Having an identity solution for your management tools. An identity solution for management tools enables integration of new and existing processes with more speed and ease, and it will help you and your team have complete control over functions such as determining password complexity and password expiration as well as the ability to call for various forms of multi-factor authentication. It also helps to provision and deprovision access to users. Password complexity, or lack thereof, is a big issue, and putting systems in place to help your clients develop and use more complex passwords is good for everyone.
Enhancing the security of your multi-user account. If your clients have a multi-tier account it’s important to make sure that their sub-account is completely isolated from other sub-accounts and the parent account to prevent accidental sharing of data between users.
Cloud technology presents amazing opportunities for businesses to collaborate, share, exchange, and back up their data, while reducing the expenditure on internal systems. But in order for mass adoption to occur, IT teams need to make sure they harness that power safely and efficiently. Equally as important, they need to be able to effectively communicate the measures they recommend and/or take to their clients.
I imagine you and your team are uber-focused on protecting your data in the cloud. To that end, what are some of the security measures you have employed? Is there anything you can recommend for others to implement or rabbit holes you’ve gone down that you wished you had avoided? You know I’d love to hear about what you’re doing, what’s working, and what you’re thinking about on this topic.
Additional Resources on this Topic:
This post was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. For more on these topics, visit Dell’s thought leadership site PowerMore. Dell sponsored this article, but the opinions are my own and don’t necessarily represent Dell’s positions or strategies.