Security in the Cloud

Written By Janelle Hsia

Globally, more than 60% of organizational data is now stored in the cloud (Cloud Data Sprawl to Cloud Data Security published 03-02-203). And as this number grows, it is important to ensure we understand good cloud security. Cloud computing offers great efficiency for storing, analyzing, and sharing data, but securing data across multiple platforms and services is no simple task.

Your business uses a lot of applications which are hosted in the cloud.  You probably use a lot of applications personally that are hosted in the cloud too.

What is the Cloud?

You don’t control information in the cloud, someone else does.  The cloud is a network of servers outside our company.  It’s like a giant rental storage unit that can be located anywhere in the world.  You are responsible for ensuring you select the best Cloud Service Providers (CPS) to host your data.

Cloud Service Provider Benefits

  • Your data is available wherever you are whenever you need it.  CSPs have great reliability and availability.

  • Using CSPs is also cost efficient and helps you scale as you grow.  They are easier to get and easier to get rid of when you no longer need them.

  • CSPs have big teams of technical experts to help manage the systems.

Cloud Security Threats

  • It’s up to you to make sure data and documents are properly secured.   If you don’t do this, it could cause a security incident.

  • Hackers target CSPs because they know these providers host data for lots of different clients.  This can also cause a security incident.  One way to prevent this is to make sure your system is always up-to-date.

  • You might not have great visibility into how a CPS works.  If there is a problem, you might not know until it’s too late

Cloud Security Protection

  • Only use authorized apps and services. 

  • Always keep your business and personal data separate. Never store business data in a personal account.

  • Your organization should only allow you to access the information you need to do your job and nothing else.  This is called the principle of least privilege and it keeps you and your organization safe from accidentally using the wrong information.

  • Your organization should have policies about how to keep data safe, and always follow our policies.  Don’t be afraid to ask questions and admit when you don’t know the answer.

Reminders:

  • Only use authorized apps and services.

  • Be aware of the type of personal data you store in the cloud and if it is sensitive personal data. make sure you reach out to your privacy team for extra guidelines.

  • Keep your work and personal data separate.

  • Use the right application for the right data.

  • Implement the principle of least privilege.

  • Follow your organization’s policies.

  • Know how data is managed and protected.

Janelle Hsia
Previous

Sharing Data
Next

Digital Spring Cleaning