Mitigating Cloud Computer Security Risks in your Small Business
If you’re not already reaping the benefits of cloud computing, you must be seriously contemplating on shifting some of your businesses’ IT requirements to a cloud, especially if you’re reading this article. Indeed, cloud computing sounds like a great proposition to cut down on the computing costs and to gain access to better computing capabilities. Nonetheless, most entrepreneurs and small businesses shrink back from the option of using cloud computing for one big reason – the high level of security risks it brings. Certainly, there are a lot of security risks associated with cloud computing, but at the same time, you must recognize the fact that most of these risks can be easily taken care of. Here are some simple and easy tips to help you handle some of the cloud computing risks in security, targeted at helping small business owners. And well, when we say simple and easy we mean it, you don’t need to be a technical person to follow these tips.
The Right Place to Get Started
Security risk mitigation shouldn’t come into the picture only after you have purchased a cloud computing service, rather it should be considered at the time of choosing a cloud service. You need a vendor who has clearly written policies about the rights and provisions you get to enjoy once you sign up. Taking a little pain here to find and evaluate vendors will save you from a lot of potential trouble in the future. Here are a couple of things you need to inquire from potential vendors:
- Every cloud has some privileged users, who mange your data. Some of the things you must find out about these privileged users are – how does the vendor watch over these users and to what extent can they access your information.
- Does the vendor act in accordance with the governing rules and regulations and do they have the required security certifications?
- Ask the vendor about location of the data storage. Also, check whether the storage facility complies with the privacy policies of your local jurisdiction.
- What is the cloud provider’s policy on data recovery, in case of a disaster? In case of a total failure, does the vendor have facilities for a complete restoration?
- What happens if the vendor decides to close down business or to sell it over? In what format will the data be returned back to you? Can the returned data be easily used on some alternative application?
If you do a thorough check on these small details before signing up with a cloud vendor, you will cut down nearly half of the cloud security risks.
Every business has some information that is highly confidential, and storing this on the cloud may not be in your best interest. Be selective about the processes and the information you plan to shift to the cloud. Anything that is critical or confidential is best kept on local machines.
Encrypt Sensitive Data
All exclusive and sensitive data you’re putting on the cloud must be encrypted, and the encryption keys should be closely guarded. Cybercriminals can steal data only if you are using an insecure API. But when the data is encrypted, it cannot be decrypted unless one has access to the release keys. The sensitive data should remain in the encrypted form not just during transmission but also when it is stored in the cloud. An equally important rule to remember here is that all such information is decrypted only within the secure container of your virtual machine. For an additional layer of security, supplement encryption with DLP (Data Loss Protection) software and you can be doubly sure that your data is protected irrespective of whether it is in use, in transit or at rest.
Protect Your Virtual Machines Individually
Even though every good cloud service has its own built-in firewall, IPS and IDS to protect the cloud, it is not enough to ensure complete security of your virtual machine. IPS means intrusion prevention system and IDS means an intrusion detection system, and the two are sometimes collectively known as IDPS (Intrusion Detection and Prevention System). IDPS observes events, identifies possible incidents and reports them to the security administrators. You can radically reduce cloud computing security risks by ensuring that each and every virtual machine you are using is individually protected with a firewall and IDPS. Building up this security perimeter will protect you not just from outside attacks but also from malicious insiders operating within the cloud.
Limit Privileges and Access
Set down limits on the privileges of the users and the administrators. In addition, use stronger passwords and two-factor authentication to prevent unauthorized access. Two-factor authentication, which comes inclusive in most cloud computing packages, uses a double layer of identity verification to restrict access.
Monitor Privileged Users
As we mentioned earlier, every cloud has a few privileged users, and it is important to constantly keep checking on when and for what your account was accessed by these users. Nearly every cloud service comes with tools to keep track of these privileged users and your authorized users. Make it a point to periodically scan through these reports to identify any abnormal activities.
Learning more about cloud computer and the security risks that come with it and implementing these simple proactive measures we have listed here will go a long way in mitigating cloud IT risks and letting you take full advantage of cloud computing.
- Mitgating Cloud Security Risks - Trend Micro - http://cloudsecurity.trendmicro.com/mitigating-cloud-security-risks/
- Image by: Sidharth Thakur
- Gartner: Seven Cloud-Computing Risks - Inforworld - http://www.infoworld.com/d/security-central/gartner-seven-cloud-computing-security-risks-853?page=0,0 (2009).