Migrating to the Cloud the Secure Way
It is 2018 and “The Cloud” continues the trend of upward growth. The Gartner Group predicts by 2021, 28% of all IT spending will be for cloud-based infrastructure, middleware, application and business process services.
Online services help make our work and personal lives more productive and easier. Some advantages of the cloud are that you can easily access your data from anywhere and sync it with more than one device. Another advantage is you can easily share your information with anyone you want to.
It is, however, this very ease-of-use that makes the cloud riskier than on-premises solutions. You are, after all, turning your data over to an outside party.
We want to cover how you can securely make the most of the cloud.
For your work computers or work-related information, it is a good idea to first check with your IT department and see if your company allows you to use cloud services. If it is confirmed you are allowed to use, make sure you know specifically which cloud services are allowed and what the policies are on how to use them. If you are looking for a cloud service for your personal use, here are some things to consider:
- Security: Find out what, if any data is collected about you by your cloud provider. How will your data move from your computer to the cloud? How is it stored? Encrypted? Also, if it can be encrypted, who can decrypt your personal data?
- Customer Support: How easy is it to get help or have your question answered? Is there an email address to reach out to? Are there public forums to provide additional help or that you can post questions to? Is there a FAQs link on their website?
- Ease-of-Use: Is it easy to use the service? If the service is difficult to use, the chance for making mistakes and accidentally exposing or losing your information, increases. Selection of a cloud provider that you find easy to understand, set up and use is a smart way to avert accidental risk of exposure.
- TOS: Take time out to review and read (the can often be easier than you think) the Terms of Service. You can confirm here who can access your data. It will share what your legal rights are as well as any security responsibilities that are assumed by your cloud provider or that are required by you.
Congrats, you’ve made a cloud provider selection! Whether for personal use or on behalf of your company, the next step is using your cloud services the proper way. There are important steps that you can take to secure your data in the cloud:
- Authentication: Strong and unique passphrases to use for authenticating your cloud account. If two-step verification is offered by your cloud provider, it is highly recommended that you enable it. This is one of the most important steps you can do to protect your account.
- File / Folder Sharing: It is convenient to share from the cloud; however, user beware! For example, you may think you are sharing your files with a specific individual, but you may inadvertently make your files (or even entire folders) publicly available for anyone on the web to access. A smart practice in protecting your data and files is to not share anything with anyone by default. Only allow specific people (or groups) access to specific files/folders with restrictions. You can allow access on a need-to-know basis and remove it when it is no longer needed. Your cloud provider should make tracking who has access to your files and folders readily available to you.
- Using Links for Sharing Files/Folders: A common cloud service feature is the ability to create web links that point to files and folders. Link sharing your files offers little security. Consider this scenario: You share a file via the web link with a trusted individual and this person shares your link with another. Before realizing it, your link is showing up in search engines. Be sure to disable the link once it is no longer needed by either (if possible) protecting the link with a password or setting an expiration date.
- Know the Settings: You should read and understand your cloud provider’s security settings. Can other individuals share your files/data without your knowledge? Also, are there ways to see who has viewed your shared content and when it was viewed? Are you allowed to share with “read-only” access versus giving full read and write permissions?
- AV (Antivirus): Is the latest version of antivirus software installed on your computer? What about the other computers (or devices) used to share your files or folders? If by chance a file you are sharing gets infected, other computers are also at risk. Be sure AV on all systems is up to date.
Many companies rely on having control of their physical facilities to frame the critical security and compliance strategies that form the foundation of internal governance. But, data governance methods that worked for traditional on-premises systems simply won’t work for the cloud. As organizations move data to the public cloud, enterprise control decreases, and more responsibility falls on the shoulders of the cloud providers. Therefore, organizations must shape their governance strategies to rely less on internal security and control, and more on their cloud provider’s offerings.
Sword & Shield partners with you with our Cloud Migration Security Planning services to assist your company with navigating common issues faced when planning for a cloud migration to make this process as secure as possible.