According to Network World, IT security is like dental floss: It offers big benefits without significant time investment, but requires discipline. And just like the millions of Americans who tell their dentist they meant to floss everyday but got sidetracked by other tasks, it’s easy for IT professionals to get distracted by the hundreds of issues clamoring for their attention.
This is especially true when it comes to cloud computing management — while the cloud remains a top security concern for companies worldwide, finding the ideal balance between safety and speed can be difficult and time consuming. Here are seven tips to take your cloud security a step farther.
Get in the Boardroom
As noted by a recent Beta News article, security concerns about cloud adoption are now reaching the boardroom. In many cases, however, C-suite executives aren’t properly equipped to evaluate cloud risk. To improve cloud security management, IT professionals must become an integral part of any boardroom discussion about technology adoption, investment or potential risk. By supplying corporate officers with a broader perspective and specific details of cloud security at the corporate network level, it’s possible to create a management policy which provides budgetary support and C-suite approval.
Embrace the Shadows
Companies often fear the notion of “shadow IT” — the large number of enterprise end users who tap into whichever cloud services suit their purpose and whenever they prefer, with or without IT approval. But as Cloud Tweaks points out, there’s an opportunity here to increase cloud management security by embracing this IT underground rather than trying to drive it away. That’s because eliminating shadow IT is almost impossible and extremely costly, and many of the services being used may actually offer long-term benefit. Bring them under the auspices of IT professionals and the network can be made secure without employee backlash.
Another cloud security concern is loss of control. According to a recent study from Sky High Networks, 38 percent of companies asked said that losing control over IT services was a “top challenge” in cloud adoption. The problem? Holding too many services close to the chest makes security impossible. As a result, enterprises need to seek out secure, managed alternatives to in-house IT security which offer the technological backbone and transparency required to satisfy upper management. Communications is a good example — handling an in-house call center might be secure but isn’t cost effective. A hosted PBX, meanwhile, offers increased ROI and improved security for incoming and outgoing calls.
Protect Data in Use
Robust cloud security also requires data protection, and it’s no longer enough to simply protect your data at rest and while in transit. Instead, companies must protect any data in use across their entire network. Doing so requires the adoption of best-in-class management tools and in some cases, multiple vendors. While a one-provider solution works for standalone data protection, handling data that moves between local stacks, mobile devices and through public conduits necessitates a different approach.
Go Mobile First
Want better protection? Design for mobile. Desktop-native apps are quickly becoming relics of the past and when transplanted to mobile devices introduce unexpected security flaws which can be exploited by malicious actors in the cloud. SC Magazine predicts that mobile-first cloud security will gain ground this year.
In a recent interview with Neil Campbell of Dimension Data, Information Age describes “indicators of compromise” as one way to enhance cloud security. This is a systematic process which includes IT “fire drills”, identifying suspicious cloud behavior, resolving root causes and complete incident investigation.
Define Your Terms
The last tip for better cloud security management? Define your terms. Create a clear, comprehensive policy about cloud use for employees which includes substantive permissions and necessary oversight. By getting this out of the way upfront rather than trying to “shoehorn” management policy into place after a breach, it’s possible to avoid rather than mitigate cloud security concerns.
Bottom line? There’s no single solution for cloud security issues — a multifaceted management approach is key.