Cloud Source

Data Security: Keeping Sensitive Data Safe Within a Public Cloud

by

SecurityAccording to a recent Intel report, approximately 93% of companies have adopted some sort of cloud service, choosing Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), or a hybrid. This broad adoption of cloud services and the move from private clouds to public indicate better trust in the technology — according to the Intel report, for every person who distrusts the cloud, there are two who feel it’s safe.


Security Risks

However, this doesn’t mean that there are no longer any risks associated with the cloud. Approximately 62% of respondents have moved sensitive customer data to the cloud, which has increased the risk of a breach; almost half of companies have been able to track malware back to a SaaS application. Part of the problem falls on the people using the cloud: a lack of cybersecurity professionals in combination with employees using unsanctioned cloud services known as shadow IT. Even NASA isn’t exempt, with a recent audit discovering that government data has been uploaded to public cloud storage services.

Sensitive Data and Cybercriminals

The large-scale move of data to public cloud services has unfortunately attracted the attention of cybercriminals, who seek to exploit weak and vulnerable targets. According to the report, user credentials are the most likely point where cybercriminals will seek to access data. Shadow IT is also an area of concern, with 65% of IT professionals stating that the use of shadow IT is interfering with their efforts to keep cloud services secure.

What the Business Can Do

Businesses can be proactive in reducing security risks before they become a real problem. Using solutions that are integrated and/or unified will enable the business to reduce the majority of risk by giving IT professionals a full overview of the system and its permissions. Authentication best practices — biometrics, multi-factor authentication, and unique passwords — will help to prevent cybercriminals from accessing user and admin credentials. Businesses should also utilize security technologies, including:

  • Cloud access security brokers
  • Data loss prevention
  • Encryption

The cloud is flexible and cost-effective, but the data uploaded to it needs to be safe and secure in order for businesses to reap the benefits. Whatever the service, whether individual or hybrid, businesses should be looking to increase their security by using available technologies, concentrating on keeping cybercriminals from accessing user credentials, and ensuring their IT department is ahead of the curve to prevent employees from using shadow IT.

Security: How IT Decentralization Introduces Vulnerabilities

by

SecurityThe decentralization of IT management, brought about by more businesses moving to the cloud, brings with it growing concerns about vulnerabilities, according to a survey commissioned by virtualization vendor VMware. The purchase of non-secure solutions has led to new compliance and security issues, and IT managers must overhaul their measures in order to keep up with the move to the cloud.

The Effects of Decentralization

According to the VMware study,

  • 69% of those surveyed agree that IT management has become decentralized,
  • 57% believe that, as a direct result, non-secure cloud and other services are being purchased,
  • a similar percentage believe that this results in non-compliant applications, and
  • 61% agree that decentralization leads to duplicate IT resources.

Shifting to the Cloud

The cloud has become a solution that the majority of businesses are using, driven at least in part by efficiency, flexibility, and long-term cost savings. According to the study, IT infrastructure spending is up by an average of 5.7%, which includes authorization of devices and new applications. However, this comes with the risk of breaches, especially as business leaders are able to purchase technology themselves rather than relying on the IT department to properly vet new applications before they’re deployed.

The Role of IT in Keeping Data Secure

Regardless of whether the IT department itself purchased and implemented the new applications, it is usually responsible for their security. According to the aforementioned survey,

  • almost 75% of business leaders are authorizing new devices,
  • 56% of business leaders are purchasing third-party applications,
  • nearly 50% of IT leaders have seen a shift in their internal application development, and
  • 75% of IT leaders agree that business users taking control of purchasing and deployment is leading to an increase in vulnerabilities and IT costs.

Finding a Solution

IT managers must find a balance between keeping sensitive data and applications secure and working with business users to continue to grow within new technology. One possible solution is a network virtualization framework, which will not only give the cloud the same security as a physical data center, but also strengthen the network.

Security is the main concern of any business’s IT department as it works to keep data safe and ensure the system is still manageable. However, with more business leaders taking on the role of purchasing and deployment of applications as well as authorization of devices, IT leaders will need to find ways to keep up. Business leaders would benefit from stopping the decentralization of their IT departments, allowing the business to continue to grow and take advantage of flexible new technologies without compromising security and compliance.

How to Effectively Secure Data

by

DataIn today’s vulnerable security landscape, data protection is of paramount importance. Organizations must strive to effectively secure both incoming and outgoing data. No truer is this than with General Data Protection Regulation (GDPR), which offers additional security for encrypted technologies and firewalls. As a form of legislation for mainly European entities, GDPR is designed to protect all forms of data for worldwide companies and private citizens.

The GDPR interface is now being adopted by North American markets as well. In fact, businesses that span several industries are taking security measures to ensure optimal protection for clients and employees. This includes but is not limited to:

  • Integrating GDPR security guidelines for all business data access, transfer, and communications
  • Securing formidable defenses that protect Personally Identifiable Information (PII) for customers and staff
  • Enhancing existing security infrastructure to comply with all GDPR rules and guidelines
  • Ensuring good security hygiene for all business verticals
  • Seamlessly blending new security protocols to enhance existing ones

While GDPR is relatively new, it has resulted in timely and efficient results for a number of organizations. However, this form of security legislation can only succeed if the suggestions below are followed by global companies.

Changing the Business Mindset

Organizations must start thinking about information security in the following ways:

  • As an element that is crucial in enabling daily business protocols and communications
  • As a pivotal and vital part of risk management that enables businesses to secure a competitive edge and protect their brand validity and professionalism
  • As an essential tool in protecting even the most discreet and confidential client and business data across all access points
  • As a technology that is easily integrated with cloud, hardware, software, and communications applications for everyday business

Consistent Security Procedures

GDPR also stresses the importance of being consistent with all security measures, including the ability of staff members to view daily business from a security standpoint. They must have a clear view of how business activity can impact security as a whole. While it may take some time to find the right blend of sound security procedures, GDPR offers a wealth of techniques that have so far had a positive and profound impact on companies of all sizes.

Security First, Business Second

Without adequate and sound data protection, it’s next to impossible to conduct normal business. With this in mind, organizations need to understand the importance of security first, business second. Cultivating an environment of security is not only relegated to IT departments. All employees should play a part in identifying and addressing potential risks on a day-to-day basis. This can include malware and viruses, along with potential vulnerabilities with applications and data protection. It will ultimately be up to organizations how they want to introduce and implement new data security measures.

BYOD in Government Agencies: Clear Policies Protect Critical Data

by

Bring your own device (BYOD) has the benefit of allowing businesses to cut costs on providing devices to employees, but it also creates a number of security issues. This is an especially important factor to consider for government agencies, which often handle very sensitive data but may not have a focused, detailed policy for employees to follow. Employees aren’t necessarily creating security holes on purpose, but agencies should still have a firm policy in place — or make the decision not to allow employees to bring their own devices at all.

Implementing a BYOD Program

If the decision is made to implement a BYOD program, there are a few basics to keep in mind:

  • Create clear policies that outline exactly how employees are allowed to use their devices for work-related data like email and documents
  • Only allow approved application stores, and ensure that employees know they cannot root or jailbreak their devices
  • Use software that allows for work data to be kept separate from personal data and ensures the work data can be easily removed

BYOD and Security

Both potential security problems and their solutions must be spelled out clearly in a BYOD policy. This is especially important for government agencies that need to strike a balance between keeping data safe and avoiding infringement on employee rights. This can involve:

  • Containerization
  • Connection via a secure third party
  • Lockout codes
  • Ensuring employees are up to date with security patches

Agencies should also keep in mind what sort of data they handle, including personal data like SSNs and data critical for infrastructure such as power grids. If the data is too sensitive, or could cause massive problems if it leaked, then it may not make sense to implement a BYOD policy at all.

Deciding Against a BYOD Policy

Even if the agency decides against allowing employees to bring their own devices, the agency should still ensure that all employees are aware of the restriction. Clarity is key to helping protect sensitive data; employees may not mean any harm by using their personal cell phone to check their email or look at a document, but the chance of a security breach is lessened if they know that they’re not allowed to do so.

Mobility is an ever-growing and ever-changing field. In order to keep up with the evolution of BYOD, agencies and businesses should be aware of where their sensitive data is and what it’s being used for. A policy that outlines exactly what is and isn’t allowed will keep all devices, whether personal or business, safe and secure.

Contact

328 S. Jefferson St. Suite 603
Chicago, IL 60661
Ph: 312.753.7880
E: info@CloudSourceServices.com

Newsletter Signup

Stay up-to-date on Cloud Source's news.

↑ Top of Page