For small business owners, the draw that the cloud places on their enterprises is too great to ignore. Indeed, ignoring the cloud could place their businesses at a commercial disadvantage. Therefore, developing a comprehensive security policy is a must. Your business' cloud security policy should include:
1. Planning for implementation
One of the main issues with the small business use of the cloud is a lack of planning. The security profile of the data your enterprise will store in the cloud will influence which service your business chooses.
2. Where could your data become vulnerable?
Intel advises: "Regardless of the cloud delivery model you choose, your best approach is to review the specific service architecture, and then layer technologies to develop a strong security net that protects data, applications and platform, and network at all levels."
3. Cloud service location
As the cloud services your business accesses could be based in another country, assess the legal requirements regarding security that your data must adhere to, and whether your cloud service provider can meet these in their location.
4. Making the data connection
Moving information to and from the cloud must always include high levels of encryption. Intel states: "Certain industries, such as healthcare and financial services, require organisations to meet certain regulations and standards for the way they protect data. Increasingly, these and other regulations are encouraging – and specifying – encryption in certain usage scenarios, including cloud computing. The penalties for noncompliance are stiffer than ever."
Says John Culkin, Director of Information Management, Crown Records Management: "Out of sight, out of mind is not an unusual attitude when it comes to cloud storage. Unfortunately it isn't true – the organisation still remains the data controller and is responsible for it.
"Whilst there are many advantages to using cloud storage, including physical and data security, depending on the configuration and use of a service, compromises can be introduced. In the same way as a builder puts locks on doors, neither the door nor the builder is responsible for making sure you keep the doors and windows locked, or controls who you give keys to."
Security measures
Trend Micro offers up these steps to improve your business' information security:
1. Close your organisation's doors to malware
Installing and using effective anti-malware solutions in systems and devices that contain or have access to sensitive information is important.
2. Stress how important protecting data is
Inform your employees and other insiders about your company's security policies. Stress the personal and business consequences of not protecting their mobile devices, systems, storage devices, and the confidential data these contain from loss or theft.
3. Don't let social networking endanger your network
Teach your employees how dangerous over-sharing in social networking sites can be. Even if you cannot stop them from sharing information in social media, you can opt to limit the amount of time they spend on these sites while at work to lessen the chances of your company's security perimeter being breached.
4. Think of passwords as keys
The stronger the passwords to accounts are, the harder they are to crack. Keep in mind that without the right keys in hand, malicious insiders and outsiders alike will have a much harder time getting to your company's crown jewels.
5. Patch holes in your organisation's walls
Identify which information is critical, who could and should be able to access it, then investigate the best ways to protect it with the aid of a trusted IT advisor. Like holes or cracks in walls, areas where your company data is most vulnerable can cause your security perimeter to crumble.
6. Knowing is half the battle
Tell your employees that although losing unencrypted and improperly protected data stored in mobile devices may get them into trouble, failing to report such incidents is worse. This does not only put them but also their colleagues, customers, and the entire organisation at great risk.
SMBs are not powerless to act when it comes to securing sensitive data, and can develop a robust response to the data security threats their enterprises face. And with a major overhaul of the EU data security regulations incoming, considering your company's approach to all its data management security is timely and critical.
