If your company is debating whether to adopt a public cloud or to develop a private computing setup, security is undoubtedly a key driver in your decision making. The appeal of a public cloud is the advanced security tools that even large companies are not able to afford. The millions of public cloud users benefit from the access to first-rate data security without shouldering the burden of a hefty security expense. However, the onus is still on each business to ensure basic security measures are taken and maintained wherever their data is stored.
A recent article in Network Computing suggests several areas in which companies should check for optimal data protection. We hope the following offers a starting point for giving your business a data security checkup, which can contribute to your company’s overall clean bill of health.
Time for a checkup?
- Check on your authentication.
This applies to all users, for all devices. System administrators in particular may be carrying around the keys to the corporate kingdom on their cellphones. A compromised password could lead to a swift and widespread data breach. You’ll also want to make sure that the credentialing or key management process is sufficient, otherwise you might risk inadvertently authorizing a user access to sensitive data. Multi-factor authentication should be required for secure operations. We are even starting to see biometrics using smartphones as a tertiary layer of authentication.
- Check on “orphaned” files or legacy systems. Orphaned files are files that may have been a part of a parent program or deleted somewhere else on the cloud but still exist. Orphaned files are unassociated with any other files, but may provide a hacker with valuable information. A cloud data manager can help to identify these orphaned files. Some users may be running older (legacy) operating systems because of software compatibility or other business reasons that may leave them vulnerable. As mentioned earlier, this is where a checkup can help as regular patching for these systems may be all that is necessary.
- Check on encryption.
As the NetworkComputing article states, “Not encrypting data at rest in the public cloud is a dereliction of duty!” If you are using a cloud service provider, it is important to examine your encryption options carefully. In the case of drive-based encryption, it is all too easy to find encryption key lists online. Additionally, doing a data security checkup may mean looking at the list of administrators who have access to encryption keys.
Of course, this checklist for data security is not an exhaustive one. If your company is looking to adopt a new data storage option, it may be a good time to schedule a free IT assessment in order to make the best decisions about your technology solutions.