Chris Russell, CTO, Swivel Secure
For businesses planning a move to the cloud, the benefits in cost, mobility and scalability must be weighed against the threat of a data breach. If sensitive corporate data is hacked, restoring customer confidence and repairing damage to the brand can be a costly and difficult task.
Here are Swivel Secure’s top five tips for mitigating risk when migrating to the cloud:
- Find the right cloud provider. Amongst several factors, such as pricing structure and scalability, cloud providers should have a number of security measures in place. From a vendor perspective, there lies an opportunity to educate channel partners on why authentication is an essential value added service on top of cloud.
- Try to find the right balance between security and agility. Every business needs to focus on locking down its data in the cloud, but must not allow its business processes to be constrained by the security measures put in place, otherwise growth will be inhibited. Adaptive authentication solutions now enable the IT team and internal departments to introduce proportionate levels of security ‘friction’. Enterprises can deploy different authentication parameters for different users and services within the same installation and under the same license, applying exactly the right level of authentication to any given scenario.
- Focus specifically on the areas of weakness. Too many cloud vendors champion the physical security of their data centres, but in reality, they’re not set up to defend the millions of vulnerable access points that hackers will use in a phishing attack. Enterprises need to enforce the same level of security on a network level. Those responsible for corporate security must take a holistic view of their company data, assess what is ‘business-critical’ and set up appropriate defences – including the implementation of strict user policies.
- Educate employees on good security practices. Communication needs to be consistent and regular between the IT department and employees and the first stage must begin at the induction. On joining, users need to be walked through guidelines for IT security protocol, including bring your own device (BYOD) policies and general ‘do’s and don’ts’. Ultimately, employees must appreciate that some level of authentication is necessary when dealing with corporate data.
- Consider alternatives. Just as Dropbox has made cloud storage seem to work as local storage, new advances in storage drives and the software that serves them may make local storage seem as accessible and cost-effective as their cloud alternatives. More providers are now combining high capacity, high availability and low cost local storage, which gives cloud-wary businesses genuine alternatives.
For many industries that hold large amounts of sensitive data, using a cloud vendor has distinct benefits. But this is precisely the kind of data that the majority of attackers are looking for. Corporations must wise up to the dangers that they are exposed to and make simple but powerful changes to secure their access gateways. By doing so they can finally dispense with the fear that has dogged cloud migration for years and begin to use this powerful environment to its full potential.
If you would like to discuss your cloud authentication needs, please Contact us.