6 Best Practices for Data Security in the Cloud

Though the cloud offers businesses the opportunity to meet their computing needs with greater scalability, flexibility and cost effectiveness than ever before, it also requires new approaches to data security.

Considering the potentially devastating costs of data loss, security of cloud services needs to be thought of as more than an IT initiative – it must be a business goal. These best practices can help companies better protect data and infrastructure in the cloud, as well as mitigate losses and costs should a breach occur.

1. Develop a holistic data protection strategy.

An end-to-end protection strategy first requires a detailed snapshot of your network. It is vital to thoroughly assess cloud providers and to understand what aspects of network security fall under their domain and where you are responsible. In building their networks, organizations must identify and address risks and weaknesses, and make ongoing monitoring and testing part of the protocol.


2. Define what’s important.

More than two-thirds of IT and security practitioners say their organizations fail to proactively assess what types of information are too sensitive to be stored in the cloud.[1] With an average of 25,180 computing devices – including laptops, tablets and smartphones – connected to company networks, IT leaders also say they lack visibility into what’s in the cloud. This can make it challenging to tell employees how to handle security, and even to decide which measures to employ. Defining the types of data in use and prescribing the appropriate measures for each type is an important step in data protection.

3. Close the loop.

Cloud infrastructure security is only as strong as its weakest link. From remembering to revoke access credentials from former employees to ensuring that encryption keys cannot be easily accessed and exploited externally, it’s important to identify points of access and close them.

4. Get top-level buy-in.

From tools to training, ongoing security is an investment. And yet many security leaders either do not know what percentage of the IT budget is dedicated to security, or say the proportion of total budget is less than 10 percent. Board of directors involvement supports a more informed and relevant data security strategy (with necessary budget allocations). What’s more, research shows that when data loss does occur, the proactive establishment of a chief information security officer and board-level involvement in addressing the situation can mitigate costs.[2]

5. Monitor cloud activity and stay up to date on threats.

IaaS solutions typically include tools and dashboards which provide virtual, real-time network data such as session logs and access reports. Making ongoing, proactive monitoring part of the cloud security protocol can help organizations more quickly spot vulnerabilities and improve breach detection times. Incident analysis can help organizations better address future threats and improve security over time.

6. Don’t forget about training and ongoing enforcement.

Cloud security isn’t a matter of employing the right configuration and tools and forgetting about it; networks can be made vulnerable by the things employees do every day. Even the most robust security guidelines aren’t helpful if they live in a document and aren’t part of everyday procedures. From email rules to guidelines about specific types of data, it’s important that security policies are clearly communicated to all employees, and augmented with checkups and enforcement.


[1] Data Breach: The Cloud Multiplier Effect, Ponemon
[2] 2015 Cost of Data Breach Study (Global Data), Ponemon
