NCSAM Tip #10: Cloud Security for Everyone
Cloud services. You may or may not think about them, but they are no longer just talk of the future. Some of you probably listen to Rhapsody and Rdio, which are cloud-based streaming music services. Others perhaps use Onavo, a cloud-based compression service, to shrink your smartphone data and your monthly bill. Storage (Dropbox), email, social media, banking, and location-based services (GPS), to name just a few, are all at your fingertips. For small and mid-size businesses, there's a wide range of cloud services, including productivity, finance, and accounting. For many companies and organizations, cloud adoption is at the top of their priority list.
Before we continue to ride the cloud at lightning speed, shall we pause a moment to reflect on the risks? After all, there are many things that can threaten our data and services. To learn more about the current threat landscape, watch a rich and compelling on-demand webcast by Patrick Gray, principal security strategist at Cisco. Here are some specific concerns and actions to take.
1. User accounts: Breaking into user accounts is a quick way for hackers to gain access to your online data and privacy.
Action: Use strong passwords to protect your accounts and update them on a regular basis. Ask your cloud service providers if they have additional suggestions to secure access to your accounts.
2. Network threats: When you connect to cloud services via wireless in a public place, someone might be monitoring and intercepting the network traffic. You have the same risks at home: someone might break into your home wireless network.
Action: Secure your access to the cloud by using VPN connections, encrypted web traffic (HTTPS/SSL), and secure wireless access.
3. Data security: Consumers expect cloud service providers to do a good job of protecting data safety and privacy. However, a series of recent high-profile break-ins shows that hackers can carry out massive intrusions, reaping information on millions of user accounts and credit cards.
Action: Ask your cloud service provider how security is handled, as well as what the provider would do should a breach occur. Make sure you understand and are satisfied with their answers. For companies and organizations that are moving to the cloud, consider the multi-tenant nature of the cloud and establish a strategy to address secure segmentation, data encryption, and key management. It is good practice to keep your keys away from the cloud provider by using a third party to handle the keys or by handling them yourself.
4. Trust: How much can you trust the provider and who is responsible for security breaches in the cloud?
Action: As a customer, ask your provider about their privacy policies and their notification process in case of a breach. For business owners, make sure that you have a strong service-level agreement that documents your rights and guaranteed services. Trust, but verify.
5. Device security: Your devices connect you to cloud services and they are also frequent targets of attacks. When they are infected or compromised, the personal information residing on them may be used to cause further damage.
Action: Secure your devices by keeping them current and up to date. Be app-smart with your mobile devices.
6. Lost or stolen devices: When your mobile devices fall into the wrong hands, the information on these devices is in jeopardy. Malicious people may use the information to gain access to your cloud services and data.
Action: Check into remote wipe, pre-registration, or other ways to handle lost or stolen devices.
7. Contingency: Cloud services are designed to be “always-on.” But there are always unexpected situations, including cloud service outages. Customer services are interrupted when these outages take place.
Action: Create a fallback plan in case your cloud services are interrupted or your data in the cloud is permanently lost.
Stay safe in the cloud!