Security Best Practices for Cloud Users

First time cloud users can be most at risk, simply because of unfamiliarity with the new environment and the added burden of having to grapple with a new way of managing users, data and security. Here are five security must-do’s before taking the plunge: 

1. Know the cloudy areas There are three main segments in any cloud deployment - the cloud vendor, network service provider and enterprise. Given that the cloud should be treated like an extension of the enterprise data centre, the question to ask is therefore: can a common set of security services and policies be applied across the three segments? What are the security gaps?

2. New apps, new fortifications Ready to move an application into the cloud? Before you do, consider adding new fortifications to the existing security measures you have built around your application’s authentication and log-in processes. To fortify the access to your cloud application, you should have a granular data access scheme. You can do so by tying access privileges to roles, company positions and projects.  This will add an additional layer of protection when attackers steal your staff’s login credentials. 3. Embrace encryption Data encryption is one of your biggest security ally in the cloud, and it should be non-negotiable when it comes to file transfers and emails. While it may not prevent hacking attempts or data theft, it can protect your business and save an organization from incurring hefty regulatory fines when the dreaded event happens. Ask your cloud vendor about their data encryption schemes. Find out how it encrypts data that is at rest, in use, and on the move. To understand what data should be encrypted, it helps to get a handle of where they reside - whether in your cloud vendor’s servers, the servers of third-party companies, employee laptops, office PCs or USB drives. 4. Wrestling with the virtual Moving into the cloud lets businesses reap the benefits of virtualization, but a virtualized environment can present challenges to data protection. The main issue has to do with managing the security and traffic in the realm of multi-tenancy and virtual machines. Physical security appliances are typically not designed to handle the data that is in the cloud. This is where virtual security appliances come in - to secure traffic as it flows from virtual machine to virtual machine. Such appliances are built to handle the complexities of running multiple instances of applications, or multi-tenancy. 5. Don’t be in the dark about shadow IT There is no shortage of anecdotes and reports out there that point to how the unauthorised use of applications and cloud services, or shadow IT, is on the rise among businesses. The uncontrolled nature of this poses a security threat and governance challenge. Your new cloud application will be at risk because of this. Consider the simple scenario in which your employees use their smartphones to open a file on their device. It is likely that the phone will make a copy of the file, which could then be sent to an unapproved online storage destination when the phone does its routine automatic backup. Which cloud security best practices do you recommend? Share your inputs with the Cloud and Cyber Security Center.