Secure Your Company’s Cloud Data
The cloud, or cloud computing, offers new opportunities for development professionals: mobility, synchronization and data backup, reduced costs …
But the deployment of a cloud, whether public or private, is necessarily accompanied by security measures. They are essential to avoid any risk related to the loss or piracy of sensitive data.
What are the stakes for the company? How to secure cloud solutions?
Cloud computing, new gives for the company
Online data storage and synchronization, or cloud computing, consists of hosting the data on an external server. This practice makes them accessible to several users, from their desktop computer, their laptop or mobile support (tablet, smartphone …).
Cloud computing can use “public cloud” solutions, which are often inexpensive for the company. “Private cloud” solutions, that is to say, tailor-made solutions can also be implemented.
What are the challenges for data security?
In the case of a public solution as for the “private cloud”, it is necessary for the company to put in place a reinforced security. Strategic or sensitive data, or data necessary for the day-to-day running of the company, is likely to transit through the cloud.
The risks of a breach in data security can, therefore, be numerous:
– Loss of dematerialized data,
– Third-party use of sensitive data,
– Use by a competitor of company data,
– Loss of trust of customers of the company,
– Loss of access rights to data …
How to secure enterprise cloud access
Secure a public cloud
The public cloud is a service offered by a third party provider, accessible to both individuals and professionals. Google Drive, Dropbox or iCloud, for example, offer this type of service.
The data is accessible to the account creator, and to the other users with whom he has chosen to share them. Maintaining and securing hosted data is the responsibility of the service provider. Nevertheless, unlike the private cloud separated from the public network, the public cloud uses the public Internet. This can present a flaw.
Several points make it possible to better secure the use of the public cloud in companies:
Opt for a solution that offers good guarantees of security and confidentiality (data encryption, intrusion detection, firewalls …),
Ensure that access can be removed remotely for a user or medium,
Check data sharing and deletion settings for any user,
Ensure the reliability of the chosen solution and the assurances of restitution of the data in case of end of service,
Implementation of good practices to reduce the human risk (access left by mistake to other users, unsecured password, deletion of data due to improper handling …).
Secure a private cloud
The private cloud consists of a proprietary (that is, enterprise-internal) computer network or a data center providing hosting for a limited number of users. We are talking in this second case of private cloud.
When the company’s budget allows, this solution is acclaimed by IT decision makers: it offers notably better security guarantees (encryption of data, no sharing of resources, very limited external access).
Deploying a private cloud requires several steps:
Verification of the security processes proposed by the provider (private cloud) or the IT department (internal cloud) in the event of a security breach,
Establishment of encrypted data protection,
Measurement of the trust given to the service provider (private cloud),
Verification of the conditions proposed by the service provider: geographical location of the servers, conditions of restitution and non-retention of data, non-competition clause …
As for the public cloud, the implementation of this type of solution requires the observation of good practices: the human factor can often be a source of the loophole!
These best practices include limiting the risk of data deletion by a user, automating data backups, monitoring and limiting access to media (computers, smartphones or tablets) that are not approved by the IT department. of the company and ensure their security (see below).
How to integrate the use of mobile devices safely
The use of employees’ mobile terminals in companies and their access to the cloud requires the implementation of enhanced security.
The risks for the are the same as for any access to the cloud: loss of data, piracy of sensitive information, access to sensitive data after the loss or theft of a mobile device … Better security can go through the adoption of good practices recommended to employees. Data loss is, of course, one of the main risks for mobile professionals using their personal smartphones (eg BlackBerry, iPhone, Android) at work. Ask employees to password protect their mobile device so to limit access in case of loss or theft, Recommend remote locking systems, to act quickly in case of theft. These applications can also help to geolocate a mobile device or erase the data, Set up an automatic synchronization of data from the device to the cloud, to save any important data update, advising employees to not download unknown applications and connect securely to wifi access points, to avoid any intrusion.Tags: BlackBerry