Banner

Common Sense Steps to Prevent Cloud Data Breaches

Amazon, Dropbox and Google and most serious cloud app providers disclose similar security info so decision makers are well informed. They want all businesses to know that, from their perspective, your data is:

  • As private as possible
  • Protected from intrusions
  • Always available
  • Safe from loss
  • Compliant

While this information is good to know, these disclosures also give businesses a peek behind the curtains. Decision makers should ask themselves whether or not their security measures are on par with businesses whose bottom line is dependent on digital security. Microsoft has a white paper available to disclose their internal security practices for Office 365/OneDrive which goes into a little more detail than other cloud providers. Office 365/OneDrive security procedures have:

  • Auditing for all operator/administrator access and actions
  • Zero standing permission for administrators in the service
  • Just-In-Time access and elevation that is granted on an as-needed and only-at-the-time-of-need basis to troubleshoot the service
  • Segregation of the employee email environment from the production access environment
  • Mandatory background checks for high-privilege access. These checks are a highly scrutinized, manual approval process.

What businesses should note is that reputable cloud app providers like Microsoft take their client’s digital security very seriously. They go the extra mile to make sure that they do everything practical to uphold their end of the bargain, so the weakest link in cloud app security resides with their clients. Businesses should ask whether these are assurances they can offer their own clients. If not, why?

Ask not what the cloud can do for you…

Most users see the benefits and ignore the new responsibilities that accompany cloud apps. Cloud app use for businesses is a two-way street. Here are a few other questions businesses should be able to answer:

  • What cloud services are in use and are they effective in supporting the needs and goals of the department and/or the business?
  • Are there cloud services that are redundant and can be dispensed with?
  • What are the risks inherent in the use of each cloud application and what are the data and security policies of the providers?
  • How much are we spending on cloud services, can savings be made and would consolidation strengthen negotiating power to reduce costs?
  • How are the cloud services managed and what service level agreements are in place?

Let’s review. Are you doing everything you can to make sure your client data is:

  • As private as possible
  • Protected from intrusions
  • Always available
  • Safe from loss
  • Compliant

Many businesses fall short in these areas, but we have an easy and practical approach to cloud security that starts with monitoring. Cloud activity monitoring gives businesses the ability to see what’s happening so that cloud security isn’t just an afterthought.

Category
SaaS Security