The Cloud – Data Security Risk or Refuge?

Nicola Mortimer
By:
On: 13 Oct 2016
Share this post

Cloud Data Security

Is the cloud a security risk or a security refuge for your business data? And do the benefits outweigh the disadvantages? Here’s how you can make the most of what it has to offer your business, without offering cyber-criminals an open door to your data.

I think there are two mindsets in Irish business now when it comes to the cloud. There’s: “why would I trust the security of my data to the cloud? I’d rather have it where I can protect it myself.” And there’s: “that’s data security all sorted; not my problem anymore.” It’s time to blow away the clouds surrounding data security and get a clear view of the issues and solutions.

For businesses of any size, the cloud does bring huge advantages; from easier and more cost-effective scalability to greater mobility, and even – providing you’ve carried out due diligence on your cloud provider – greater data security. But where security is concerned, it’s not really the cloud that’s the issue, it’s what happens to data when it’s not in the cloud. In other words, even if you are relying on the cloud for your data storage, data security is still your responsibility at all other times. That could be when someone in your organisation downloads or uploads data… When someone is working on data on their laptop or smartphone… When they store that data on their mobile device… And even when they decide to catch up on work on the train home and someone is reading their screen over their shoulder.

Broadening your security boundary

If you use defined user profiles to restrict access to specific data and control who can upload and download, you reduce the scale of data circulation and immediately cut risk. But for those who do still have access, an increasing complication is where they have access from.

The growth in flexible, mobile working means you no longer simply have to worry about securing data on desktops in the office, but also on tablets on the train, laptops in the home and smartphones in the coffee shop. Fortunately there are precautions you can take to widen your business’s traditional security boundary beyond the office walls, to encompass these devices. For example, you can install mobile device management (MDM) software on all mobile devices. This will not only protect your network against access by compromised devices, such as a stolen phone, but also incorporate strong password policies to protect access to the devices themselves. And it will enable remote locating and wiping of lost or stolen devices.

Other steps should include separating work and personal applications on mobile devices. This would, for example, prevent copying and pasting from the company email to Gmail. Known security-risk apps should be blacklisted. And you should take advantage of the cloud by storing as much data in it as possible, and as little as possible on the devices themselves. Cloud services such as Salesforce make this easy to do.

Security is a state of mind

Despite the software solutions available to enhance data security, it’s important to realise that effective security is not just about throwing technology at the problem. It’s also a matter of education, training and awareness for everyone in your organisation who has access to data. The shoulder-surfer on the train is only one example of a potential security breach. The highly-secure password jotted down on a notepad is another. (Your employees should think of passwords like their underwear: don’t leave them on the desk, don’t show them to other people, and change them regularly!)

Multi-layered protection

Having a multi-layered approach to security ensures you are minimising risk. Layers should include security software, firewall services, constant monitoring and employee education. Lastly, to come full circle, a sensible security precaution is to move services to the cloud. A reputable cloud supplier will almost certainly have a more secure environment for your data than you will ever have yourself. This means that should a major outage occur, disaster recovery and business continuity will be easier and the repercussions fewer. Because data security is not just about protecting the data, but also about protecting your company from the effects of its loss, which range from immediate financial and commercial damage to long-term harm to your business’s reputation.

So whether you have already begun your business’s move to the cloud, or you’re still considering it, the good news is that the benefits far outweigh the disadvantages. And if you have a robust data security policy in place – as you certainly should – the cloud won’t rain on your parade.