Loading...
Loading

Best Ways For Securing Your Data In Cloud

2014-03-31by Shah k

Minimize the Risk of Data Breaches

Almost every week you hear of a high profile company that has suffered a security breach, exposing sensitive customer data. Data breaches can impact your organization's reputation, lead to loss of business, and even result in fines. While cloud services may be "like a dream" insofar as they make your work life easier, they can quickly turn nightmarish when the security of your sensitive data is compromised. Dropbox, Evernote, and Google are just a few of the services that have recently had critical security breaches.

Real-life example:
Several teams at a US-based energy company routinely stored and synced information using note-taking service. In one week, several users at the company received emails notifying them that their passwords were reset without their permission. A third party had compromised the accounts. Some of the notes potentially exposed by the breach included highly confidential company documents related to energy operations and locations of underground oil reserves locations,the kind of information that is zealously guarded from competitors.

Checklist to protect your organization:

1. Enforce multi-factor authentication for corporate-approved cloud services
2. Protect sensitive data by encrypting it while stored in the cloud, thereby making it indecipherable if and when there's a breach
3. Maintain control of encryption keys so your cloud service cannot read the data, or send it to the government in response to a blind subpoena, unbeknownst to you

Maintain Vigilance Against Malware and Malicious Insiders

Threats to security can be just as damaging when they originate from within the organization or the Cloud provider you trust with your data. Your employees have access to sensitive data ranging from sales contacts to your customers' social security numbers. When your employees leave, how do you know they aren't taking their sales contacts with them? Employees also download tremendous amounts of data from cloud services. How do you know that when they do so, they aren't downloading malware? The challenge is protecting against threats from a few bad apples without limiting the freedom of your employees to be productive.

Real-life example:
During a routine audit of firewall logs, the security team at a financial services company discovered over 10,000 tweets in 24 hours submitted by a single IP address. By comparison, their corporate Twitter account had accumulated a total of 10,000 tweets over the several-year period since its inception. After digging deeper, they discovered data was being exfiltrated through Twitter 140 characters at a time by malware that had been downloaded from an open-source code repository.

Checklist to protect your organization:

1. Regularly analyze the use of Cloud Data Security services to identify anomalous usage patterns that can indicate data theft or malware
2. Encrypt data so administrators at cloud providers and unregistered devices cannot view sensitive data
3. Once malware is identified, search for other instances of the same file across the company to determine your exposure

Protect Data from Loss

The information you store in enterprise applications and databases on-premise is backed up offsite. But what about your data in the cloud? Moving from an on-premise ERP solution to a cloud-based solution does not remove the need to protect the data from loss or deletion. In fact, it's even more important to ensure data stored in the cloud isn't lost since cloud providers often have inconsistent data protection standards, which may not align with your organization's policies.

Real-life example:
A midsize company deployed Google Apps to its employees for document creation and collaboration. Some employees began using a third party app in conjunction with Google, which had access to their Google Apps documents. A new release of the third party app introduced data corruption to the Google Apps documents. By the time they discovered the problem, Google was only able to partially restore the corrupted documents. Since the company didn't have a local copy, many documents not stored locally before uploading to Google were lost forever.

Checklist to protect your organization:

1. Whether it's your ERP or CRM data, SaaS applications should be replicated and backed up on premises in case of data loss
2. Losing encryption keys can be as damaging as deleting the data itself. Always keep encryption keys secure and keep redundant copies of keys
3. Ensure retention policies are appropriately applied to data in the cloud to prevent inadvertent deletion.

news Buffer
Author

Shah k

Skyhigh Networks, the Cloud Security Services company, enables companies to embrace Cloud Security Services with appropriate levels of security, compliance, and governance while lowering overall risk and cost. With customers in financial services, healthcare, high technology, media, manufacturing, and legal verticals, the company was a finalist for the RSA Conference 2013 Most Innovative Company award and was recently named a "Cool Vendor" by Gartner, Inc. Headquartered in Cupertino, Calif., Skyhigh Networks is led by an experienced team and is venture-backed by Greylock Partners and Sequoia Capital. For more information, visit us at http://www.skyhighnetworks.com or follow us on Twitter@skyhighnetworks.

View Shah k`s profile for more
line

Leave a Comment