Posted on December 17, 2020
Cloud
At some points this year, more than 40 percent of Americans were working from home. There’s no doubt this had an enormous impact on the technology businesses are using.
Some employers no doubt had to get video conferencing in place. Many employees needed to secure their own devices.
Online shopping was another huge trend that has huge impact on IT departments. You may have needed to build an online store from scratch or upgrade it for increased traffic.
These and other trends may have influenced your decision to adopt a public cloud. You may also have been using the cloud already. As you prepare your strategy for next year, though, you’re wondering how you can make your cloud more secure.
This guide provides a helpful way to get started and make your public cloud safer, even in the age of COVID.
The first step to improving security in your public cloud is understanding the risk environment. COVID has brought with it plenty of uncertainty and upheaval.
That has meant there’s plenty of room for new threats to emerge. Scam calls and phishing attempts increased during the early months of 2020.
There was also far more opportunity for cybercriminals to get their hands on sensitive business data. People working from home may not have invested in the same security measures as the office. These risks included:
Any and all of these considerations can impact the security of the public cloud. Someone accessing sensitive data on the cloud via an unencrypted WiFi connection could put that data in danger. A device or app that isn’t up to date could provide a way for hackers to hijack the device and gain account access.
The next step is to understand your responsibilities toward public cloud security. The public cloud works on a shared model of responsibility. Your provider will do a lot to help secure the cloud, but you must work with them.
As a cloud user, your responsibilities include:
Your provider will work to secure the infrastructure. You then select from the security features available to you. Account access management and more are all left to you.
Once you’ve gone over the risks you face and your responsibilities, it’s time to make policies. Here’s where you’ll outline best practices the team should follow.
As noted, many businesses scrambled to switch over to remote work. If you didn’t have a remote work policy before, you may have let your employees do just about anything. You may have felt it was fine, as long as they were getting their work done.
This attitude jeopardizes cloud security. As you plan for 2021, you’ll want to review any policies you have in place. Then, work to revise them to reflect best practices.
This might include creating policies about how often users should change their passwords. You might remind everyone to log out of their account when they’re done work for the day.
You may also want to make recommendations for apps to use, as well as security features to turn on. You may ask your employees to ensure they’re using encryption on their home networks. You might ask them not to connect to public WiFi when they need to do work.
You can also set out minimums for devices. They may need to be running a certain version of an operating system. The device may need to have certain components.
Your next move should be to educate your employees about how they can help secure the public cloud.
Employees are often the “weakest link” in the chain of cybersecurity. This may be especially true when it comes to the cloud.
Employees may believe that your cloud provider takes care of all security. They also may not understand the technology or their responsibilities to keep it secure.
Help your employees understand the threats posed to cloud security. Then guide them through how following your policies and best practices can improve security.
You may ask them to take several steps, such as adding encryption to their home networks or upgrading their devices. Some of the steps they should take are as simple as changing passwords and logging out of accounts. Even backing up data can be considered a step toward better cloud security.
Your employees may be reluctant to invest in a new device or get help with upgrading security on their network. You can help them follow best practices by offering them reimbursement.
If someone needs to upgrade their old iPhone so they can have the most secure operating system, offer to help cover the cost. If a team member wants to set up encryption but doesn’t know how, have them consult with an IT professional.
If you want your employees to have separate devices for work and their own use, then help by providing the work devices. This will improve compliance with your policies and security.
Your next step is to manage the accounts on your public cloud. You’ll want to consider two questions:
Not everyone needs access to your public cloud. If your data resides in the cloud, your data analysts will need access. If your sales and marketing team uses a CRM powered by the cloud, then they’ll need access.
A cashier working at a bricks-and-mortar store probably wouldn’t need access. Warehouse workers might need access to see orders or check to-do lists.
It does depend a bit on what you use your public cloud for. Most employees will need some limited access to the public cloud.
That doesn’t mean everyone needs an all-access pass to every single part of the cloud or all the data. In fact, you’re better off limiting access for most accounts.
This way, your team members can do what they need to do. If their accounts are compromised, you don’t need to worry that the hackers will have access to everything.
You should also be proactive in deactivating accounts for employees who have left the company.
Of course, you’ll also want to be sure you’re not impeding your employees in doing their jobs. Balancing security and operations can be quite tricky.
You’ll need to pay careful attention to who needs to do what. If people don’t have the access they need, then their productivity may suffer. They may need to continually ask others to finish a job or give them access. That can slow everyone down.
It could help to map out various tasks and ensure that people have the permissions they need to carry out those jobs.
Another way to improve cloud security is to work with your cloud provider. Many cloud service providers offer features and services that can help you improve security.
Some may offer extra protection. Others may take on some of your responsibilities, such as offering traffic security through the platform itself. Some providers may offer you server-side encryption as well.
That can help you manage your responsibilities more effectively. If you’re a small business with a small budget or an organization without much in-house tech knowledge, this could be the best step to take.
Check out the extra features and services your provider offers. If you don’t like what you find, you can always shop around for a new provider who offers more.
Finally, your public cloud security strategy should include plans to stay up to date. This means keeping your software and devices up to date. It also means staying current on the risk environment.
This is key in the coronavirus era. The business environment is changing at a rapid pace, and there’s plenty of potential for upheaval. With more people working from home and new threats always emerging, staying on top of things is key.
The right provider can help you here too. With their help, you can keep your cloud security protocols and your best practices up to date.
Use of the public cloud has grown dramatically in the past 12 months. It powers everything from online shopping to your team members working from home. That’s also meant increased risks, as you’ve seen here.
In turn, security should be at the top of your mind as you consider using the public cloud into 2021 and beyond.
Are you looking for a provider who can help you expand or improve your use of the cloud next year? If so, it’s time to get in touch with the experts. With their help, you can get the cloud services you need to grow your business.