Data security is constantly on the mind of an IT Leader, particularly that of Cloud Security in a cloud-based environment. It seems to be that a news item every day tells of a major serious breach at a high-profile company or government organisation.
The IT Leader needs to consider the question – “Are your data really safe in the Cloud?”.
The main areas of concern will vary slightly depending on the type of cloud environment, if it is wholly in-house using cloud technologies, or outsourced to a service provider.
Cloud Security differs from the security of a traditional ICT environment. In a traditional environment there are few external interfaces, usually well-controlled behind a firewall; all users are known and registered users with a security profile; and there are limited type of devices attached to the network. The chief concern here is online security and users transferring data in and out of the network using data transfer or physically on removable devices.
In Cloud Security the number and type of external interfaces that need to be managed and monitored have increased. In addition to an Internet Connection supporting email and web surfing, the Internet interface now supports access to social media, support of VoIP voice and video calls and incoming connections from both internal and external users.
Given the changes and new volatility of the Cloud environment the strict black and white answer to the question “Are your data really safe in the Cloud?” is no. But that is true of any environment, not just the cloud. Anti-Malware software and procedures have improved beyond measure, and cloud service providers are actively engaged in ensuring the safety and security of their client’s data. A case could be made that because of their client focus, data hosted by a cloud service provider is better protected.
For internally hosted and managed systems, there is a great deal the IT Head can do to prevent and attack or intrusion and mitigate its effects.
To consider defence first. The usual sporting analogy is that offence is the best defence. The anti-malware and intrusion systems must be proactive. Implement, and use, network management software that can detect unusual patterns of activity, particularly at the firewall. Even if it affects performance make sure that the full range of protection is enabled on your firewall. Have staff dedicated to observing and managing the security of your systems.
Don’t neglect the desktop. Malware can spread across a network with lightning speed. All desktops need to be equipped with up to date malware protection.
Many attacks begin with users. A phising email sent to everyone will see how many employees actually respond. Users might introduce malware inadvertently or deliberately into the network using a removable device. They might try to steal data using a removable device. Their DVD and USB ports should be disabled in the BIOS to stop them.
Second, how can you improve your chances of a full recovery?
Create, and test a cloud backup regime that allows you to take your environment back to the factory settings and completely reinstall all operating and network systems, applications systems and data from a backup suite. Test it, because it wouldn’t be the first time that backup media is corrupt or empty. If you use an outsourced cloud service provider make sure that they have a backup regime that you re confident will protect you against data loss.
Don’t be complacent. Even if you have industrial strength malware protection, you will be hacked at some point. To reiterate – The answer to the question “Are your data really safe in the Cloud?” is no, but you can protect yourself.