Are you too relaxed about the data you store using cloud services? You may feel that data security is strictly an IT function, but it is a financial one as well. A data breach can be financially devastating — there have even been cases of companies going out of business because they couldn’t recover after their data was destroyed by attackers. A strong approach to data security in the cloud is vital for your company’s well-being.
Develop a Broad Plan
In developing your plan, you need to assess three main areas: your data, your provider, and your own IT department. Look over your data and decide what is safe to store in the cloud and whether anything you’re storing is too sensitive to risk — some companies hold data that needs to be kept on private servers. Next, assess your cloud provider. What is its history and experience? What security features does it employ, and how proactive is it about staying up-to-date?
Then look at your own IT department. While your provider is responsible for the infrastructure of its system, it’s your responsibility to use the service properly, follow best practices for your specific provider, and monitor for internal threats.
Prioritize Training and Enforcement
It is your responsibility to ensure that your employees learn and practice safe procedures. Are they safeguarding their passwords or displaying them on their monitor frame where anyone walking past their desk can see them? Do they understand the threat posed by phishing e-mails from attackers? Do they understand what data is safe to transmit by e-mail or through your internal messaging system? Do they know how to secure any work they bring home? Is your HR department revoking privileges from terminated employees in a timely manner? It’s not enough to just train your staff; you should monitor them as well.
Are you testing regularly to make sure employees are following the procedures they’ve been given? If you’re not monitoring and enforcing your policies, your people will assume they are a low priority. Your vendors and cloud service provider should also be audited periodically. Auditing cloud services presents some unique challenges, but at the very least an auditor should be able to assess the encryption, transparency, and basic security of your cloud provider’s system, as well as your interactions with it.
Reassess Your Plan
Even the most comprehensive data security plan can become obsolete quickly. The nature of your data is going to organically shift over time, which means you’ll need to reassess your classification process continually. You should also review your provider choice regularly. Changes in your company’s technology, in the data itself, and across the industry can impact which provider is the best match for you. Your employee training programs and in-house systems need to be updated as new threats develop.
Keeping your data safe in the cloud is a shared responsibility between you and your cloud provider. The work you do at your end to keep your data safe could prevent your company from taking a serious or disabling financial hit.