If your business stores some of its data in the cloud, you’ve got a lot of company there. According to RightScale’s fourth annual industry survey, 93 percent of businesses with more than 1,000 employees use a cloud service to store data.
But is data safe up there in the cloud? Here’s how you can assess and boost cloud security for your business.
Choose a Cloud Service That Meets Your Business Needs
Cloud storage comes in three arrangements:
- A private cloud server, in which a company’s own IT department controls the service and protects the service through the company’s firewalls.
- A public cloud server, which sells pieces of the cloud to different customers.
- A hybrid approach, which mixes the two services, keeping some services internal and others external.
Hybrid clouds are by far the most preferred by larger businesses. Eighty-two percent use a hybrid solution, and the number has been steadily climbing each year, according to RightScale.
Which is better? Jeff Borek, IBM’s Program Director for Cloud Computing, says organizations should review their business requirements to decide which option is best for them. IT departments that don’t have dedicated security staff may recommend a strong public cloud provider, while those with a security team will probably be comfortable with a hybrid cloud service.
What a Cloud Provider Should Offer
Eric Naiburg, a security marketing expert who also develops security tools, says cloud providers (including private internal ones) should have these services:
- Around-the-clock security to run operations, monitor and act on breach alerts
- Strong partnerships with outside security experts that use the best technology
- Ability to design and configure security architecture for business clients
- Customer education to ensure they understand firewall rules
- Security audits
Wrap Cloud Security Into Your Own Practices
Businesses’ investments in cloud technology are higher than ever, Dell reports, and much of that investment zeroes in on building strong and reliable services. Furthermore, investments in the cloud, big data, mobility and security correlate with business growth.
Add a layer of security to the data you keep in the cloud on top of what’s provided by a cloud provider. Naiburg recommends:
- Requiring employees to use electronic ID cards to enter the business
- Placing security cameras on the business premises
- Restricting data access to employees who need it to perform their jobs
- Reviewing administrative audit trails that leave footprints as to who accessed data and when
- Conducting regular security reviews with employees
Subscribe to security alerts and resources that discuss online and cloud security such as LifeLock and share what you learn with employees.
Be Realistic and Prepare for a Security Breach
IT managers are gaining more confidence in using cloud security, RightScale reports. Part of this may simply be the result of planning for breaches and being prepared to respond to one.
Even security firms accept that not all breaches and identity theft can be prevented. They can be managed, and fallout can be reduced by creating security and recovery plans. Here are a few ways CSO suggests businesses can contain a potential disaster:
- Appoint an incident response team that will take the lead on addressing the situation and communicating it. Make sure they practice the plan and update it as needed.
- Do not allow any individual to make decisions or micromanage.
- Get a clear communications plan in place and follow it.
- If a breach is too big to handle in-house, get outside help from security risk management experts.
- Get outside legal help with specific data security expertise.