Enterprise Cloud Governance for Ecommerce: Security Considerations

An overwhelming number of ecommerce businesses have adopted cloud hosting, at least to some extent. While cloud computing offers a myriad of benefits to companies, including better accessibility and performance, storing data in the cloud can present significant security challenges. Some businesses are struggling to meet those challenges; a recent survey showed just over half of those polled have adopted serious security policies for cloud computing.

Strong security policies and procedures can be enacted to better protect your company’s secure data. By implementing and enforcing those policies, adopting secure operations processes, managing staff identities and securing networks, you can keep data stored in the cloud secure. As cloud computing continues to evolve, taking these steps will lower your risk of a data breach.

Understand the Cloud

Even as cloud computing becomes more popular, some organizations fail to fully understand the cloud and the risks associated with it. Understand that entering the cloud can create contractual issues over transparency and liability. It is important that a company’s development team is fully committed to cloud technology before jumping in. A flaw in your security could put at risk not only your data but also the data of your clients. Your organization must do its research and have sufficient resources to manage cloud computing before taking the leap.

Password Protection

One of the best things you can do to protect your company from risk is to develop and strictly enforce password policies for all staff. According to new research, a whopping 90 percent of passwords generated by employees can be cracked in a matter of seconds. Just as using an email password for other services such as a Facebook or Instagram account can spell disaster for personal computer users, using that same password for a cloud account can create an enormous security risk for your company.

To create secure passwords that are easy to remember:

  • Choose a long, random word; for example, “memorizing.”
  • Capitalize the last letter and add a number and a symbol; for example, “memorizinG722&.”
  • Add an identifier for each account. For example, for a Facebook account, use “memorizinG722&Facebook.” For Skype, use “memorizinG722&Skype.” This password formula is easy to remember and very difficult for hackers to crack.
  • Change the core word or the number/symbol combination monthly.

Encryption

By far the best way to protect company data within the cloud is encryption. The easiest way to encrypt data is to use zip files and protect them with a password. There are several encryption software choices available that offer easy-to-use password protection with a high level of reliability, and some cloud services also provide encryption for data. Determine the level of privacy you need for your data to help you decide which type of encryption best suits your company’s needs.

Encryption is not without its challenges, and your efforts can backfire in some circumstances. If you choose to encrypt data, it will certainly lessen the possibility of a data breach, but if you lose the encryption key, data will be lost. Keeping offline data can mitigate the risk of data loss in the cloud, but can increase the risk of data breach. Making sure your data is safe is a bit of a balancing act that must be carefully addressed and managed.

Managing Employee Roles and Identities

Decide who has access to data within the cloud – and when. Cloud providers allow customers to manage authorization levels for individual users according to each company’s security policies. For example, one user might have a role that allows them to simply upload and read data, while another might be allowed to make changes to the data. Levels of authorization are determined at the company level; those roles are communicated to the cloud provider, which must have a system for managing unique identities and provisioning those roles to ensure adequate workflow.

Protect Credentials

One of the biggest risks in cloud computing is account hijacking. When an outsider gains access to your credentials, the results can be devastating: the attacker can eavesdrop on your company’s transactions, return falsified information, manipulate the data stored on the cloud, and even redirect clients to other – sometimes illegitimate – sites. The threat to your company and clients if this happens is serious.

Even the most secure systems are at risk of a data breach. To protect yourself, experts suggest using a two-factor authentication technique, which means logging into the cloud requires a username and password combined with a unique code, which might be sent as an SMS message to a smartphone or generated by an app. Another important way to protect your data is to prohibit sharing account credentials among staff. The more data you store on the cloud, the more important it is to protect it.

Understand Jurisdiction

One of the challenges of cloud-based computing is the emerging issue of jurisdiction. Some companies might be surprised to learn that data that is secure in one country might not be in another, and most cloud users are completely unaware of where their data is being stored. Laws vary widely from country to country, so it is essential to know where your data is held. In the United States, some laws allow government agencies significant power to access information on the cloud, while the European Union tends to favor strict privacy. Ask where your data is kept and learn the details of applicable data protection laws.

Use Common Sense

Apply the same security techniques to the cloud that you already do to traditional internet practices:

  • Keep your wireless network locked securely with a password.
  • Remind employees never to open attachments or click on links contained within suspicious emails.
  • Always use antivirus software to help prevent viruses and malware and keep hackers from accessing any account information.
  • Don’t store personal information, such as Social Security numbers, credit card numbers, bank information, or passwords on the cloud or anywhere else hackers might find them, and regularly delete messages and files that are no longer necessary.

Contact AccuWebHosting for further information about how to keep your data safe in the cloud and protect your company’s investment.
