Cloud security best practices

Storing data in "the cloud" is big business. The cloud exists in various forms of software and services like Apple's iCloud, Google Drive, Dropbox and Microsoft Azure, which store your information on the internet. Despite concerns over cloud computing threats and vulnerabilities, more than two-thirds of U.S. businesses surveyed in the past year planned to increase their cloud computing spending.¹

Ninety percent of small businesses in the U.S. say their cloud storage is secure, according to the annual Cloud Storage Survey 2017.¹ Yet, interestingly, 62 percent of small businesses that store customer credit card and banking information in the cloud, and 54 percent that store medical data, say that they don't follow industry regulations—even though some of those regulations are mandatory.¹

Fifty-six percent of U.S. businesses spend more than $100,000 per year on additional security measures for their cloud data storage.¹ Can you truly have cloud security? Are you following best practices to secure your company's data?

Cloud security concerns

There are three main concerns when it comes to cloud computing threats and vulnerabilities. The first two? Physical security details where the company's physical assets are located and how well they are protected. Infrastructure security ensures that security patches are available as soon as needed, and ports are regularly scanned for abnormal behavior. These responsibilities fall under the cloud providers' umbrella. Their business relies on the integrity of their physical and infrastructure security.²

The third concern is data and access security, which includes data encryption and controlling user privileges. These are usually the user's responsibility, not the cloud provider's, and where the majority of security breaches occur.²

The average organization, according to a Skyhigh Networks survey, uses more than 1,000 cloud apps, and an average employee at that company uses about 28 cloud apps.³ Employees often store sensitive work data in these apps, not realizing the security (or compliance risk) they are creating. More than a quarter of employees have uploaded sensitive data, such as personal identifying information, payment data and protected health data, to the cloud.³ It's critical you educate your employees about company policies regarding this risky behavior.

How can you reduce your company's vulnerability?

Follow these best cloud security practices so that your data is as safe as possible.

1. Encrypt any data you are sending into the cloud and only transmit it over a secure connection.⁴
2. Work with a provider that automatically encrypts all files for storage.⁴
3. Use strong, unique, complex passwords and change them often. Consider using a password manager. Use multi-factor authentication.
4. Manage your cryptographic keys with the utmost care.⁵

Your sensitive data could be at more risk if your employees work on their own devices. Make sure you are adequately managing security risks on external devices and have rules about what sensitive information is allowed on personal electronics.⁴

Protect against data breaches by keeping all operating systems, browsers and applications updated with the latest patches. Use anti-virus and security software. Have a policy for employees to alert management to suspicious emails or files.

Most cloud services protect against Denial of Service attacks; ask about this. Prevent such an attack in the first place by using a content delivery network, a web application firewall and conducting regular security audits.⁶

There will always be concerns about the cloud's security, but businesses are becoming less suspicious as cloud computing becomes more mainstream.⁷ Back up your data, keep your sensitive business materials out of the cloud and use common sense when managing the rest.