As more companies go to the cloud, many of them are concerned with security of their network. This is a valid concern because companies spend a lot of money hiring IT consultants to implement their cloud services however there is one factor they cannot control, their employees.
A recent study covering over 400 IT professionals from over 20 different industries has shown some interesting thoughts when it comes to cloud services. Over 77% of IT professionals feel that the weakest link in their entire IT infrastructure is their corporate users exposing their network to security concerns. Another 50% have security concerns with employees using cloud-based services that make their IT infrastructure less secure and over 75 percent of them believe that staff is unwittingly exposing company data.
So how do your protect your company from the weakest link in your cloud?
- Check out your cloud security.
First step is simple, encryption. You should have proper encryption on the local system your employee is working on as well as your cloud services. There are a variety of encryption standards to choose from including AES-256, RSA 2048 for signatures and shared folders, and SHA-256 for security checks. You can also use Secure Sockets Layer (SSL) and Streaming SIMD Extensions (SSE). But there are some thing to consider such as your industry. Some industries such as healthcare must satisfy certain security requirements for data storage.
- Back-up your data from the cloud.
Backups are to be considered an insurance policy. Should your data ever be compromised, you will require a backup to help determine what and who has been subject to a security breach. Many cloud services offer automatic data backups however in many cases it is limited to the most recent copy which may not be adequate, especially in the case of a major security breach.
- Keep systems updated.
With so many factors that can affect your infrastructure, the one most vital item is your internal IT infrastructure. System, application and software providers continually issue patches to improve the security of their systems. You can set applications to update automatically and eliminate the human element. As basic as this might sound, you should install corporate class virus protection on all devices and set the virus protection to update automatically.
- Set a strict employee usage policy.
Here is the weakest link, the corporate user. Your entire infrastructure is as secure as the users who can access it. Most users do not realize that they are providing hackers opportunity to the network. Your managed IT services provider or IT department should restrict the use of social media and non-work related websites on company devices. Also, you should only permit authorized administrators to install new software. Many companies now take it to a new level including to disable the use of USB drives to copy company data for all but authorized users. Last but not least, all users require strong password protection and require a unique passwords frequently as part of your IT security policies.