Five ways to protect data in the cloud
With more potential network entry points, businesses must require more authentication steps
With cloud-based services becoming the norm, business network perimeters are becoming more expansive and, therefore, more of a target for cyber hackers. Cloud services allow more employees to work remotely and on a variety of devices, and permits data to be stored in platforms across the country, but it also requires more firewall ports. It’s sort of like opening more doors to your home, which leaves your family vulnerable; one can never assume that security is a given.
With these potential network entry points, the tools you need to keep information technology (IT) secure may look like an air traffic control center. That said, investments in IT are meant to enable efficiency, not constrain it; and keeping IT secure is still a winnable fight.
The Secret - IDENTITY Security
The authentication handshake we used to employ — to dictate which users have access to which applications, which data, from where and with what device — has evolved. It used to look something like this:
- Username and password correct?
- Is the device located within the network?
- Green light.
As your business adopts cloud services, more variables come into play. To offset them, a more complicated set of questions like those below are posed before authenticating the end user's access. This is known as identity security.
- Username and password correct?
- Is the device located on the network?
- If not, where is the connection’s Internet Protocol (IP) address?
- Is this a secured connection?
- Is the device up to date with anti-virus definitions and operating system (OS) patches?
- Is this a recognized device or a new device?
- Can the user verify their identity with something they have (token or phone)?
- Does this user have the permissions they require to do what they’re trying to do?
- Is encryption required to safely execute this action?
Though it sounds like a headache, the cyber security market has produced many valuable services that simplify this type of authentication and bridge the gap between mobility and security in compelling ways. Let's explore five of them.
1. Cloud-based Active Directory
Synchronize your users, permissions, and authentication requirements across disparate applications and services by extending Active Directory to the Cloud. Call it step 1.
2. Identity Management Services
You make the rules. Identity Management Services, such as Microsoft Enterprise Mobility + Security (EMS), allows your organization to specify authentication requirements with a whole new set of criteria. Cloud-based dual-factor authentication, patching and anti-virus requirements, and even bio-metrics like fingerprints can be leveraged to ensure your data is secure.
3. Mobile Device/Application Management (MDM, MAM)
Let's say I’m at the airport and I need to pull up a customer’s financial record. MDM and MAM solutions provide encryption services and management features that solve this problem while retaining your organization’s ability to control risk. Conversely, if an employee leaves your organization, these tools can execute a remote wipe of very specific applications and data from the former employee’s devices.
4. Vendor Management
You’re only as strong as your weakest link. To safely do business in today’s market of outsourcing, multi-sourcing, and public/hybrid cloud services, vendor due diligence is crucial. Consider the vigilance you’ve given to your own security posture and extend those same requirements to your business partners. Word to the wise: your business partners include your applications vendors. Keep an open mind – you might learn something from what your partners are doing too! Think of it as a club – set your requirements and stick to them – you’ll be doing everyone a favor.
Surprise, surprise. Encryption doesn’t only apply to email anymore. Are your backups being sent offsite via an encrypted tunnel? Does compliance require that you encrypt server hard drives? Are your desktop hard drives encrypted? Are your WAN circuits encrypted? How about the path from your firewall to your hosted VoIP service’s data center? And the email app your employees have on their phones? Check these boxes off one by one. Working from anywhere introduces the risk of anywhere. Bring the security of encryption along for the ride.
At the end of the day, it’s important to find the solutions that fit your business needs with the long-term support necessary to keep things running smoothly and securely for your users. If you are unsure, seek the help of an experienced IT provider that is comfortable with cloud based services.
Channing Ardnt is an account executive at Systems Engineering, a managed IT, security, and cloud services firm. Systems Engineering now has offices in Portland, Maine, and Manchester, New Hampshire and Channing can be reached at 888-624-6737 or through syseng.com.