Common Concerns: Protecting Data in the Cloud
Protecting data in the cloud is one of the primary concerns of companies looking to adopt the technology. Companies are often intrigued by the benefits the solution provides, but are reluctant to store their valuable data in the cloud. Essentially, if the business value of implementing the cloud offsets the security risks that accompany the technology, an organization should consider a transition to cloud computing.
According to the FBI, more than 90% of private sector data breaches are a result of a business’s failure to put the necessary security safeguards in place. Thus, with the proper technology and processes, a company can greatly reduce the risk of a cyberattack.
The sensitivity of the data and the level of security offered by the provider should be considered when making a switch to the cloud. Each cloud service provider (CSP) delivers unique offerings, and a company should be sure to evaluate the provider’s reputation and service levels. In addition, companies should implement employee education and security protocols to help protect their sensitive information.
Employee education and monitoring
A company can have all of the right technology, but if it lacks sufficient training and protocols, its network can still be at a high risk of compromise. According to the Ponemon Institute’s Managing Insider Risk Through Training and Culture report, 66% of the 601 data protection and privacy training professionals surveyed identified their employees as their weakest security link.
Cybersecurity training should be part of a business’s employee onboarding process, and staff should be kept informed of updates to company policies and of the latest security threats.
Education should extend throughout the organization, including management and IT staff. Contrary to popular belief, those in management and IT positions are common targets for hackers because of their ability to access valuable information. Effective employee training should…
- Be held regularly and include everyone within the organization
- Present real life examples and stories to engage employees
- Clearly review unapproved document sharing platforms and practices
- Train employees how to recognize a cyber threat
- Train employees how to respond if a cyber threat occurs
- Ensure employees understand how hackers use social engineering to target users
- Be regularly updated to inform employees about the latest versions of phishing, malware, ransomware, etc.
Understand your cloud services agreement
Every cloud service provider is different, and each provider’s offerings likely provide various security levels to protect business-critical information. Therefore, it’s important that an organization thoroughly understand the CSP’s service level agreement (SLA) to ensure the company’s data is being securely hosted and transferred.
A solid understanding of the delineation between the provider’s and the client’s responsibilities can help build a stronger foundation of trust and communication between the two parties. A business should have confidence in the cloud service provider’s technology, employees, motivations, safeguards, and integrity. A key factor in establishing this relationship is the CSP’s willingness to consult with and educate clients as to what’s required to ensure the provider’s solution will provide the utmost benefit to the client’s business. An SLA should cover…
- What rights the business has to its data
- What data will be uploaded into the cloud
- Special compliance requirements (such as HIPAA) for data storage and transfer
- How the responsibility, costs, and management of a data breach will be handled
- The data breach policies of the CSP and the client
- Disaster recovery and high-availability storage capabilities
- Off-site storage options
- Response times for standard and high-priority security issues
A significant part of managing a company’s sensitive data in the cloud is controlling employee access to company data. Any time a business has staff turnover, a promotion, or a restructuring within the organization, it should review and update information access rights. Keeping permissions to access the cloud, or certain data in the cloud, up to date will prevent the data from remaining accessible on a user’s device after they leave the organization, thus preventing an accidental or intentional compromise by the former company member.
Access to sensitive information may extend beyond employees to contractors, partners, and clients. Any time roles within or between organizations change, a business should revisit access capabilities and make adjustments as needed.
Check the cloud provider’s reputation
The most effective way to understand the reliability and security of a cloud service provider is to research the company. To learn more about the provider’s reputation, go online and contact both current and former clients to get an idea of their experience.
A business should also ask the CSP to provide information on how it will manage the security of the company’s sensitive information in the cloud. It’s imperative that a company consider both price and quality when making a decision, as well as the provider’s ability to understand its unique industry.
At Aldridge, we work with our clients to understand and cater to their unique security needs. To learn more about how Aldridge can help securely manage your information in the cloud, contact a firm representative today.