EDITOR ’ S QUESTION
When most people think of security , they tend to focus on why they need it in the first place . If you know what your primary threats are , it ’ s much easier to define a security strategy to help prevent or stop those threats .
Most cloud providers offer some level of security , but you ’ re typically on the hook for key items such as backups , passwords , multi-factor authentication and logon restrictions . It ’ s important to train all personnel that will be interacting with the cloud platform about security .
This approach definitely applies to safeguarding cloud-based data .
Even as the popularity of cloud computing soars , many organizations still have fundamental security concerns . However , the cloud isn ’ t necessarily more or less vulnerable than any local IT systems as long as you utilize security best practices .
Many of the greatest vulnerabilities for breaches in the cloud stem from improperly maintained access controls , or weak passwords and logon credentials . In fact , many ransomware attacks in the cloud rely on account hijacking or stolen credentials to access sensitive data . This is where on-going security awareness training and easy-to-understand security policies go a long way in reducing risk .
Don ’ t forget that you should always have a reliable Disaster Recovery and
Business Continuity plan no matter where your data resides .
Threat detection and response capabilities are also critical for securing the cloud . If you can ’ t identify potential threats in real time , you ’ ll struggle to prevent breaches . Programmatic detection and response tools are usually a good way to strengthen your overall security posture and proactive 24 / 7 / 365 monitoring is a must .
If you don ’ t happen to have the in-house resources or expertise to handle this type of cybersecurity work , you should seek out a reliable partner that can provide services such as extended detection and response .
You can start by defining a clear cybersecurity strategy and avoid migrating any data to the cloud until your IT team thoroughly understands that strategy and any related processes .
As you begin to work with cloud services providers , you need to do your due diligence in understanding service level agreements and identifying which party is responsible for certain areas of security ( what ’ s commonly known as a ‘ shared responsibility model ’).
And don ’ t forget that you should always have a reliable Disaster Recovery and Business Continuity plan no matter where your data resides . p
The cloud isn ’ t necessarily more or less vulnerable than any local IT systems as long as you utilize security best practices .
This really comes into play if you handle financial or personally identifiable information that ’ s subject to compliance and industry regulations .
TOM CALLAHAN , DIRECTOR OF OPERATIONS ,
MDR – PDI SOFTWARE
www . intelligentcio . com INTELLIGENTCIO NORTH AMERICA 35