4 Cloud Security Mistakes and How Businesses Can Avoid Them

4Cloud.jpg

As more and more businesses are moving to the cloud, organizations need to be sure that they’re carefully planning accordingly to address possible security concerns.  Below are 4 Tips you can take to ensure you’re avoiding common Cloud Security pitfalls:

Don’t Publish Sensitive Business Information

It is now easier than ever to collaborate with other individuals or organizations with cloud services. With one simple mouse click, sharing data can be achieved. That same mouse click could spell disaster however if you’re not careful.  Be sure to not include sensitive information about your organization when publishing to the web. 

To help avoid situations like this, be sure to understand your companies access control settings that may allow public access.  Your IT team can also implement a small bump in the upload process by initiating a prompt that makes you reconsider – “Are you sure you want to publish this publicly?”

Conduct a Proper Review of Cloud Security Solutions before Adopting Them

One of the biggest selling points of a Cloud Security Solution is their ease of use. Sometimes, it’s so easy to use a cloud security service that one may not conduct proper vetting. Be sure to properly investigate the legitimacy, ease of use and trustworthiness of a possible cloud security solution before you move forward.

Be on the Lookout for Weak Encryption

If your business is using an insecure encryption protocol, you’re risking the security of your organizations sensitive information. Make sure when choosing a cloud security provider that they support strong TLS-based encryption using secure ciphers such as AES.  Equally as important, make sure the solution will also explicitly block the use of non-secure ciphers.

Keep in mind that using the outdated technology such as SSL Protocol and DES cipher is almost as risky as not using encryption at all.

Work with Cloud Provider to Prevent Poor Incident Response

When a Business hosts its own services, addressing a security incident is within its control.  However, if the breach is at the cloud provider, it can be a much more complicated situation. Work with your cloud provider to make sure that your contract includes specific language about when the provider will notify you about security incidents, the procedures they will follow to respond to these incidents and the types of information they will share.

Story via BizTech Magazine