Cloud security continues to be a hot topic of conversation, and rightly so. The threats to the cyber world are fast changing, and ever increasing. And in a world which now sees more people than ever working remotely, it’s crucial that businesses understand the steps they need to take to ensure their IT systems remain safe.
Where is your cloud?
As a colocation and cloud provider, one thing we notice when it comes to colo, is that customers ask a LOT of questions. When it comes to cloud, not so much. But as a cloud user, or indeed a cloud provider, you need to know where your data is being held. How is it being secured - both digitally and physically? Have you visited the data centres that house your data? If you’re handing over business critical data without fully understanding where it’s going, who’s looking after it and how it’s being supported, you could come unstuck. Especially if any industry specific legislation requires your data to be kept in a particular place. Some data centres, for example, could fail over to an EU back-up facility, so if you’re required by law to keep your data in the UK (particularly with Brexit in mind), these are the types of details you need to be investigating.
You can learn more about this in our free download - 10 Questions You Should Be Asking Your Cloud Provider
Because we work in a digital world, the physical security of our business data sometimes takes a back seat. But actually, it’s the most important aspect of securing your cloud data. The cloud, of course, is essentially just a lot of data centres connected to users by the internet, so as well as the obvious cyber security challenges, the physical security of the data centre facilities - the actual buildings themselves - is paramount. In fact, because data is becoming increasingly difficult and practically impossible to hack through security features such as firewalls, end-to-end and at-rest encryption, anti virus and so on, the physical theft or damage of data is a very real threat. Your cloud data will sit on servers, which should be in locked cabinets in a data centre. And the data centre should be completely impossible to enter without authorisation. Think security fences around the perimeter of the facility, CCTV, biometric access control, virtual trip wires… basically, if your name’s not down, you’re not coming in. Your cloud provider should be able to arrange fairly easily for you to visit the data centre where your cloud data will be stored, so you can see all of this for yourself.
You are the weakest link. Goodbye.
Humans are without any shadow of a doubt, the weak point in any IT infrastructure’s security. Social engineering and phishing scams are becoming increasingly sophisticated as cyber criminals and hackers work to exploit human curiosity. And this creates a really easy way for cyber criminals to get around any digital or physical security measures. You can implement all the cyber and physical security procedures in the world, but if just one person clicks on one wrong link… well, it could be game over.
Employee education is the way forward with this, coupled with some simple, but vital policies such as user access reviews, password policies, BYOD (Bring Your Own Device) policies, working from home policies and Mobile Device Management (MDM) to help educate your staff and encourage a greater awareness. If your employees don’t think you take security seriously then why should they?
Consider a centralised remote or hosted desktop solution so that you can ensure the same levels of security no matter where your employees are working from. This will give your teams anytime, anyplace access to desktop, data and business applications which not only adds security to your infrastructure, but resilience, business continuity and critically, peace of mind.