Cloud security is everyone’s issue. Bacause this connected, digital world that we live in, we can talk to and see anyone, anywhere and anytime, through touch screens of all shapes and sizes. We can control machines with thought and operate driverless cars. Tolkien himself could not have imagined such a world.
We are all connected, accessing loads of different stuff on millions of different devices. Some of us are working better, being more mobile, more flexible and more efficient and with more choice about how, when and where we work.
But, as Gandalf would say ‘Is it secret? Is it safe?’
In the Lord of the Rings, Frodo had indeed kept the ring of power both secret and safe. But in the real world, are we as careful with the power held in our data?
From the point of view of cloud computing and mobile devices, we are not always getting security right. This is a problem not just because it makes your business vulnerable, but because it can also make your clients vulnerable.
What then is the cloud?
When confronted with cloud computing, many business owners are sceptical and confused. Some do not know what the cloud is and some are unsure about someone else taking control of all their data. This scepticism is justifiable since, in many respects, this data is their business.
The cloud has been with us more or less since the first computers. In my first proper job, we had a computer that took up a whole office. This computer was connected to the mainframe in London and it ran our accounts. The cloud is effectively anything we interact with that is not solely on the device we are utilising for that purpose.
Private cloud is owned by the client, either in-house or in their own or rented data centre. Public cloud is organised through a third party provider and hybrid cloud is a combination of these.
Cloud security – whose problem is it?
So running software of remote servers is nothing new. What is new, however, is the scale of cloud. We access email, work programmes, music, games and more from the cloud. We shop online, book events and chat. And we can stream music, photos and video from one device to another.
The problem with cloud security arises from the service provider (those offering platform, software or infrastructure as a service) and the client (who is hosting or storing data in the cloud). Both are susceptible to hacking, misadventure and sabotage.
It’s always your problem
If you are a business using the cloud, then you might think your only issue is your access points to that cloud. But your clients won’t see it that way if something goes wrong with your cloud provider, even though it is not perhaps your fault.
From a security point of view, it is easiest to say that you are responsible for all aspects of cloud security. While it is obvious you need to protect data in your control, you also need to ensure that third party providers are delivering the necessary service to protect the data they hold for you.
Ensuring cloud security
When it comes to data security, then breaches and loss are not just a financial problem. They are also a brand and credibility problem, as well as a legal problem with regard to the Data Protection Act.
This is not to scare you unnecessarily. Services from the likes of Amazon, Microsoft, Google will be far more secure than any small business could achieve. Smaller providers may be more of an issue, however, and there are various precautions you should take, regardless of the provider.
- Choose suppliers carefully. Understand what they are offering, what their procedures and systems are and determine where your responsibilities begin and end
- Plan and control all aspects of safety, protocols and compliance in their system and the connection to yours
Again there are simple but effective steps business owners can take to protect their data:
- Protect hardware and infrastructure. Ensure you protect your internal hardware like switches, routers and PC’s, software and applications and your network at all levels
- Secure data. Protect against data loss through implementing policy for storage and access and for use of mobile devices, with particular reference to BOYD. As a secondary measure, ensure encryption of data, in case of loss.
Many businesses worry about cloud from a security point of view, thinking that their data is vulnerable on huge great servers that they can’t see. The truth is, however, that though they are vulnerable (because nothing can be 100% secure forever) they are as safe as they can be because they are too big to fail.
No, the real danger is much closer to home and business owners, IT departments and employees are not always giving these security issues the diligence they deserve.
Employees can pose biggest risk
According to Insight, a recent report from Ovum and Samsung reveals that ‘around a third of all BYOD (Bring Your Own Device) activity is invisible to the IT department’. Also ‘nearly two thirds are not working to any formal IT policy’.
Evidence also suggests that significant numbers of employees feel no sense of responsibility towards security of mobile devices. Many do not even set up any form of log-in mechanism. Employees also access confidential information and install apps on public wireless connections.
Every employee with a mobile device and who conducts work on that device should be part of a planned policy that provides best practice. This would include any data stored on the device and how it connects to the internet. It would also include protection log-on protocols, data encryption and looking at and approving, if necessary, any apps downloaded. This is true of company devices but especially true of BYOD devices.
The risks are not just about lost or stolen data, but also about viruses and sabotage, downtime, loss of earnings, data protection issues and credibility with clients and prospects as well as potential legal action.
Benefitting from the cloud
Taking precautions should be standard procedure and should not put anyone off the cloud. From the point of view of data being stored on mobile devices, the cloud is invaluable. It stores the data for you, so the danger from lost or stolen laptops, tablets and phones is reduced.
Other benefits include flexibility, agility, scalability, disaster recovery, automatic software updates and cost control. It is also important as part of an agile working policy, enabling employees to work from anywhere, at any time on any device.
The world is moving forward and there are opportunities to work in ways that better suit businesses and employees and provide far greater freedom and choice. This, in turn, however, brings its own problems. Business owners would be well advised to take greater lengths to keep their data secret and safe.
For more information on getting cloud security right, read this white paper from PC Connection.