1How Enterprises Can Deploy Cloud Services More Securely
Nothing in last year’s news exposed IT security weaknesses more clearly than the 2016 U.S. presidential election. When you add up Hillary Clinton’s emails, John Podesta’s public Gmail and Twitter accounts, and WikiLeaks publishing thousands of emails from sources yet to be named, it’s clear that if attackers can gain access to such highly sensitive accounts, they can hack into any organization. Meanwhile, enterprise IT is going through a massive shift as the digital transformation to cloud services continues. In this eWEEK slide show, using industry information from cloud storage provider CTERA Vice President of Marketing Tom Grave, we offer tips on how enterprises can minimize the risk of data breaches as they plan cloud strategies. CTERA specializes in the digital transformation of enterprise file services.
2Don’t Put a Bull’s-Eye on Your Data
3Protect Corporate User Identities or Metadata
User identities are subject to hacking; enterprises must protect their corporate user identities since loss of user identity is likely to result in loss of the user’s corporate data. Similarly, collecting evidence on the existence of data and its properties can pose a threat as much as losing the data itself. Some cloud-storage solution providers do not adhere to this strategy and keep all of their customers’ metadata centralized in a public place, thus indirectly requesting enterprises to put their faith in them, which poses a significant risk to data confidentiality and integrity.
4Avoid Saas Providers That Generate and/or Manage Encryption Keys
Encryption keys generated in unencrypted servers can provide attackers with easy access enterprise data. Similarly, having your SaaS provider manage your keys increases your susceptibility of losing control of your data. While cloud services providers boast high security, including physical protection of hosting facilities, electronic surveillance and ISO 27001 certifications, many provide no protection against government data requests, blind subpoenas or clandestine spying. Make sure you own user identities, metadata and encryption keys to ensure the highest levels of data privacy.
5Control Your Endpoints and Offices
6Lock Down External Collaborator Access
Implement strict policies to enforce what data can and cannot be uploaded in a file sharing environment, control what domains/emails can and cannot be emailed to, and audit all accesses to ensure there are no anomalistic events. Data loss prevention (DLP) tools can be used to restrict access behaviors.
7Improve Password Security
8Know Your Data Protection Options
Understand the limitations of cloud services to recover data lost in the event of an attack, user error, etc., as part of your vendor’s service-level agreements. Ensure that you protect data residing in the cloud, meaning back up your SaaS applications, as well as services and applications running on a public cloud infrastructure as a service (IaaS) as part of an organizational strategy for backup/recovery of data in all locations (on-premises and in-cloud).
9Investigate Multicloud Strategies
When organizations run applications on multiple cloud services rather than relying on a single vendor, they reduce the risk of a vendor’s service outage, which could cause them significant issues and downtime. This is a critical component of a cloud strategy that enables organizations to preserve cloud optionality while strengthening their business continuity models.