Cloud security: how to keep your data safe

cloud security
How safe is your data once it's in the cloud?

According to Symantec nearly half of all business data is now stored in the cloud. For businesses of any size, ensuring that high levels of security are maintained is a commercial imperative that cannot be ignored.

The cloud is clearly transforming every facet of business. SMBs in particular are seeing the cost savings that can be obtained are flocking to cloud-based services. But in the rush to adopt these platforms, security must also be a top priority.

Recent high profile news headlines about data breaches – most of which involve some form of cloud-based services – do little to instil confidence in a small business community that knows that more cloud services are their future.

The good news is that many of the security concerns about the cloud that persist have been resolved and with a properly implemented security policy, any business can use the cloud safe in the knowledge that their data can't be compromised.

SMBs wrestle with concerns

Lee Newcombe, chief information risk advisor at Capgemini said: "Small businesses vary widely in their appetite for risk. In some cases, small businesses are more open to risk because they don't have specialist compliance and security teams holding them back. In other cases the lack of specialist skills leaves the business behaving in an overly risk-averse manner."

David Emm, senior security researcher at Kaspersky Lab comments: "Recently, trust in cloud storage has been undermined somewhat by the Snowden leaks and growing fears about privacy.

"I think it's too early to say whether this will affect the take-up of cloud services significantly. Although, it may well ensure that security issues become a key part of the negotiations between cloud providers and prospective clients."

According to research carried out by Microsoft, nearly half of SMBs surveyed believed that data stored in the cloud was as secure as data stored on their own servers. However, security concerns still continue. Follow these steps to ensure your business' use of the cloud is always safe and secure:

1. Assess the cloud services vendor

Before committing to any cloud service provider take some time to assess their credentials, paying close attention to the security protocols they use.

2. Buy cloud services with standards

Cloud security like most other business process has a number of recognised standards they should meet. Standards to ensure your cloud service provider meets include: ISO 27001, ISAE3402/SSAE16 and CSA STAR, which is the first internationally recognized cloud security certification program developed jointly by the CSA (The Cloud Security Alliance) and BSI (British Standards Institution).

3. Create robust password protection

Many of the successful attacks on cloud services occur because users were careless in their creation and usage of passwords. Incredibly, people still use 'password' and '123456' as their password when accessing data according to research carried out by SplashData. Develop a robust password policy and ensure all of your business' employees adhere to its rules each time they access any cloud-based data.

4. Secure remote access

As business is now transacted on the move thanks to the smartphone and tablet PC, it is vital that mobile access to cloud-based data is secure. Here, using a VPN or Virtual Private Network is critical to ensure data that flows to and from the cloud is always on a secure channel.

5. Encrypt all data

By default all data that moves from your business to the cloud should be encrypted. The SLA (Service Level Agreement) your cloud service provider will want your business to sign should give details of the encryption being used.

Dr Gerhard Knecht, head of global security services and compliance, Unisys says: "Even if dangers and concerns exist, the technologies, regulations and standards are there to minimise the security related fears. FEDRAMP is one such new US regulation that mandates cloud service providers to be assessed before serving Federal offices. This is a step in the right direction."

Moving the perimeter

The approach that SMBs should take to cloud security is to simply view the cloud as an extension of their business. "In 2014 and onward, security professionals can expect to see entire corporate perimeters move to the cloud," said Cisco in its annual security report.

"These network edges have been in the process of becoming far less well-defined in recent years. But with so many applications and so much data in the cloud, organizations are rapidly losing the ability to see who and what is moving in and out of corporate boundaries, and what actions users are taking."

Kaspersky Lab's David Emm concluded: "Before out-sourcing to a cloud provider, businesses need to assess the potential risks in just the same way that they would if they were managing internal business processes and systems. This includes staff education about login details.

"Other issues that need to be considered include where the company's data will be stored geographically, the legal jurisdiction that will apply to the data, what steps will be taken to secure the data on their provider's systems - including how it will be secured from other tenants of the cloud provider -and the logistics involved in migrating the data to another provider in the future."

For most SMBs the cloud is their inevitable destination, but moving their businesses wholesale to the cloud is a step too far at the moment. Creating a hybrid cloud platform is delivering the benefits of more cloud services, yet maintains a level of in-house security that smaller enterprises in particular still need to remain comfortable about their use of the cloud.