HB Blog

Insights from the leadership at HB on technology and culture

Staying Secure in the Cloud is a Team Effort

on May 13, 2016

Keeping your data safe in the cloud should be a team effort from start to finish. Here's what you need to know from your MSP.

“Moving to the cloud”—when it comes to business operations—has gone from being a bit of a “buzz term” to being as mainstream a part of doing business as having a good accountant on hand to keep an eye on the books. The many benefits that cloud computing provides—increased collaboration, reduced cost, reduced infrastructure, flexibility, and scalability—make it a tantalizing option, even for highly sensitive industries such as finance, healthcare, and government. But security issues can be a very real problem, especially if your organization is using a hybrid-cloud set-up (part private/part public). Being not only aware of the potential problems cloud computing can bring, but proactive in ensuring they don't occur, will help you avoid any cyber threats.

Your company's security shouldn't fall solely on the IT department's shoulders. Nor should you allow your managed service providers full control. Instead, your cloud security should very much function as a team effort.

Make Cloud Security a Team Effort

First, make sure you assess your provider’s security practices for identity management and access permissions, access logging, threat defense, and data partitioning, and make sure you do this well before you sign on the dotted line. You will want to partner with someone who shares your company's security concerns, who has proven that their physical and administrative access is robust, and who offers the latest protections from malware. Here are some key questions to ask:

- What are your policies for identity management and access permissions?
- What are the deciding factors and processes when you partition data?
- What precautions are in place for threat defense, and what is your action plan when a threat is detected?
- What standards do you have in place for the login process? Do you use multifactor authentication (MFA) or single-sign-on methods (SSO)?

From there, you'll want to focus on the following, and you'll also want to do this in tandem with your MSP: 

- Data protection. Data MUST be encrypted. And that includes data that's moving to the cloud and that which is sitting comfortably in your on-site storage servers. As CIO.com reports, “While most cloud providers will handle many encryption tasks for you, retaining control of the encryption/decryption keys is a best practice. Some have compared letting the provider handle your encryption to locking your house or car, but leaving the keys dangling from the lock.” This is where that teamwork thing comes into play, and why relinquishing control becomes a very bad idea.

- Regulatory compliance monitoring. Do you know where your data is? No, this is not a trick question—yet many companies wouldn't be able to answer it. You need to know where your data is "living," and you'll need to be sure your MSP provides full disclosure as to where your data gets stored. “If that’s not in compliance with your industry or corporate rules, you’ll need to negotiate a guarantee that your data doesn’t end up two or more hops away from you.”

- Log data access. If you're in the payment card industry, you will need to remain compliant with the Payment Card Industry Data Security Standards (PCI DSS). To do so, you will need to ensure your MSP provides you access to your data if and when PCI auditors and regulators come calling. Bottom line? You will be held responsible—not a third party—should compliance not be practiced.

Stay Safe Out There

No matter which cloud provider you’ve chosen, make sure you’ve covered all your bases, and above all, always be a team player when it comes to your corporation's valuable data. Stay on top of your cloud provider’s security practices, be wary of any sudden changes to your account, and protect yourself in every way you can.
