May 23, 2018 by Siobhan Climer
There’s a reason financial experts do not recommend stashing cash under your mattress.
Mattress money isn’t safe.
And yet a recent study by Amex found that 43% of Americans do just this. Why? The reasons are numerous, but the one theme that stands out again and again is that when people have a tangible connection with their cash, they feel more in control. For many, that control feels like security.
It’s the same with data. Lots of businesses are hesitant to move their data off premise and into online storage because it seems easier to protect your data when it’s on-site. But control doesn’t equal security. Security is strategic and encompassing. The cloud is just as safe – if not safer, according to recent reports – so long as the right configurations are in place.
Data Security In The Cloud
It is important to remember that cloud providers and businesses share the responsibility for cloud security. While cloud providers do secure their physical environments (data centers and servers), the virtual machines and applications remain the responsibility of the user. A lot of cloud providers do have tools to help secure workflows and data, but these tools only work when configured correctly. In addition, businesses must continue to protect their own networks, user data, and applications. In short, just because your data is in the cloud doesn’t mean you should keep your passwords on a post-it under your mousepad. Ever.
A managed cloud network is just one way to plan for data security in the cloud. We’ve addressed the steps you can take to ensure that security remains a top priority during your cloud migration. Download our Path to the Cloud Analysis to learn how Mindsight can help your business maintain continuity during a transition to the cloud.
Steps To Securing Your Cloud Data
Step 1: Ensure Responsibility Is Assigned
Know where your cloud service provider’s security responsibility ends and yours begins. Most public cloud providers, like Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform provide software-, platform-, and infrastructure-as-a-service (SaaS, PaaS, and IaaS) offerings. Large public cloud providers typically deliver a higher level of control and security than any single on-premise user could secure, especially since large government offices (i.e. the Department of Defense) and huge companies (i.e. Apple) are using these same cloud providers.
However, a close reading of the various cloud providers’ terms and agreements documents draws a distinction between physical security, role-based access, and your workload processes. Take initiative and make sure everyone on your team understands their responsibility for maintaining data security in your cloud environment. If you are unsure how this impacts your business, contact Mindsight or your cloud provider to clarify.
Step 2: Control User Access
In a public cloud environment, there is a lot of room for error. Companies that have faced data security cloud breaches have typically made an error in their configurations. Even a simple mistake – such as enabling global permissions on servers by using 0.0.0.0/0 in public subnets – can open the doors to malicious intruders or any internet wanderer. Implement a peer-approval process so that no single team individual is solely responsible for addressing user access, or bring in an IT consulting team to assist with migration and cloud management.
Step 3: Protect Data Using Encryption
Encryption is a straightforward way to address data security concerns. Failures by state governments and even the Pentagon to properly encrypt data have led to several private citizen data security scandals over the last few years. Your team should encode data before moving to the cloud. Most public cloud providers offer encryption services, but these tools are only valuable and effective when properly implemented.
Step 4: Secure Credentials For All Users
They are called access keys for a reason. You don’t leave the keys to your house sitting in your mailbox, so don’t leave your access keys in publicly accessible places either. Unless properly secured, these access keys end up on public websites, in source code, and in dashboards. Restrict user access and make sure your keys do not have broad permissions. Create a unique key for each external service you use, and rotate your keys at least every 90 days.
What is often frustrating for IT is that even after they have properly secured their system, the system users may not engage in secure behaviors. For example, a user who uses the same password over and over across several applications is mathematically increasing the chances their identifying information will be stolen and used maliciously. Multi-factor authentication (MFA); long, memorable passwords that change across platforms or a password management system; password change requirements; and a managed services provider, like Mindsight, are some of the steps you can take to create multiple lines of defense.
Step 5: Test And Adapt Security Protocols
The road to data security in the cloud is lined with tests. Vulnerability testing puts the data in your hands; you can be confident that your defenses are secure. It is important to make sure all users acknowledge and follow security protocols. Remember the data you store in the cloud can be just as secure as your on-premise solutions, so long as you follow your cloud migration plan.
Finally, embrace change. Technology is always changing. You will need to change, too. The trouble is change can be uncomfortable. But, then again, so is money under your mattress.
Contact us today to plan a roadmap for your migration to the cloud.
Like what you read?
Mindsight, a Chicago IT services provider, is an extension of your team. Our culture is built on transparency and trust, and our team is made up of extraordinary people – the kinds of people you would hire. We have one of the largest expert-level engineering teams delivering the full spectrum of IT services and solutions, from cloud to infrastructure, collaboration to contact center. Our highly-certified engineers and process-oriented excellence have certainly been key to our success. But what really sets us apart is our straightforward and honest approach to every conversation, whether it is for an emerging business or global enterprise. Our customers rely on our thought leadership, responsiveness, and dedication to solving their toughest technology challenges.
About The Author
Siobhan Climer, Science and Technology Writer for Mindsight, writes about technology trends in education, healthcare, and business. She previously taught STEM programs in elementary classrooms and museums, and writes extensively about cybersecurity, disaster recovery, cloud services, backups, data storage, network infrastructure, and the contact center. When she’s not writing tech, she’s writing fantasy, gardening, and exploring the world with her twin two-year old daughters. Find her on twitter @techtalksio.