Keeping Your Data And Applications Secure On The Cloud

Keeping Your Data And Applications Secure On The Cloud

When you have all your data and applications permanently stored within your enterprise, you can get away with big security holes and poor data management practices without a serious external threat. However, once your applications and data move to the cloud, your margin for error becomes much smaller. Confidential enterprise data could be traveling all over the public Internet, enabling your employees to work anywhere, anytime, while at the same time exposing data to malicious eyes.  In this post, I will cover some of the things your organization needs to get right to prevent unauthorized access.

Mind the channel

If you are on a public network with an unprotected Wi-Fi connection (such as in an airport or a coffee shop), avoid accessing confidential corporate data. An attack could range from a low-tech physical eavesdropping of your screen to a more high-tech capturing of your data in the channel. Make sure your channel is authenticated and encrypted with protocols such as IPSec,TLS/SSL, SSH and systems such as VPN. If you are sending critical data in plain text, you are inviting trouble.

Implement well-designed user access control

Properly planned user access control is needed for all your data and applications. Employees must be able to access only data they have a need to access. Also mind the flow of information outside the security perimeter. For instance, you must never allow your sales people to export all the CRM data to an excel sheet that they could easily take with them when they leave the company. Always make sure that data access happens through your security interfaces and very few bulk export options are allowed for regular security privileges.

Compartmentalize/segregate data

In 2009, Twitter had a bad security breach that made all the internal discussions and confidential business data public and threatened the future of the young network. The hacker gained access to a single compromised personal Gmail account of an employee and was able to successfully access spreadsheets and documents on Google docs that contained all the corporate information.

Although Google was not at fault in this case, it shows how easy it was for the hacker to access all the corporate information after gaining access to one account. Audit your data storage systems and make sure they are compartmentalized enough to avoid cascading security failures. Classify the information based on the security level and implement high-level security for the most confidential information. Thus, a breach of a low-security account should not expose the data in a high-security account.

Educate your employees

No amount of secure protocols will help if your employees are not trained in security best practices. Mandate them to have strong passwords that are periodically changed. Educate them to never send the passwords as plain text through SMS, email, etc. (you would be surprised by how many employees in tech companies break this basic rule). All the data must be properly encrypted, and the keys must be recycled carefully.

By Balaji Viswanathan

About Balaji

Balaji Viswanathan is the founder of Agni Innovation Labs that helps startups and small businesses with their marketing and tech strategy. He has a Masters in Computer Science from the University of Maryland and has been blogging for the past 7 years on technology and business related topics.

View All Articles

Sorry, comments are closed for this post.

Cloud Computing – A Requirement For Greater Innovation

Cloud Computing – A Requirement For Greater Innovation

Cloud Computing Innovation Sao Paulo, Brazil has had trouble with both energy and water supplies as of late. Despite it is the rainy period. Unfortunately Sao Paulo is very dependent on its rain as a majority of its power is generated from large dams. No water, no energy. Difficult situation for a city of some…

The Four C’s – Cloud, Culture, Clash, Change

The Four C’s – Cloud, Culture, Clash, Change

The Cloud, Culture, Clash, Change “I told the new CTO that this cloud stuff was BS. He came charging in with this ‘cloud first policy’ and look what happened. Previously rock solid systems that had worked for years slowed down and had outages as we tried to run them on the cloud. I doubt that…

Vendors To Enter The Cyber Security Game

Vendors To Enter The Cyber Security Game

IT Regulatory Compliance as the Next Big Focus for Cloud Vendors Back in October 2014, Defense Information Systems Agency (DISA) submitted a public request for information, calling for the assessment of the marketplace’s ability to “provide cloud ecosystems and services in two integration models that place vendor cloud services on DoD networks for use by…

Are You Sure You Are Ready For The Cloud?: Cloud as a Datacenter

Are You Sure You Are Ready For The Cloud?: Cloud as a Datacenter

Cloud as a Datacenter Through my job as a Cloud Architect during the day, I run into a lot of scenarios that I think would be important to write about. Not that they are of major importance to others, but a way for people to learn from real world experience. This month, it had to…

New Smartphones From Apple, Samsung and HTC Promise To Light Up 2016

New Smartphones From Apple, Samsung and HTC Promise To Light Up 2016

New Smartphones from Apple, Samsung and HTC (Sponsored post courtesy of Verizon Wireless) The launch of the Galaxy S7 Edge at the Mobile World Congress in Barcelona during February was the first shot in a vintage year for mobile phones. The S7 is an incredible piece of hardware, but launches from HTC and Apple later in the…

Featured Sponsored Articles
How Successful Businesses Ensure Quality Team Communication

How Successful Businesses Ensure Quality Team Communication

Quality Team Communication  (Sponsored post courtesy of Hubgets) Successful team communication and collaboration are as vital to project and overall business success as the quality of products and services an organization develops. We rely on a host of business tools to ensure appropriate customer interactions, sound product manufacturing, and smooth back-end operations. However, the interpersonal relationships…

Featured Sponsored Articles
How To Develop A Business Continuity Plan Using Internet Performance Management

How To Develop A Business Continuity Plan Using Internet Performance Management

Internet Performance Management Planning CDN Performance Series Provided By Dyn In our previous post, we laid out the problems of business continuity and Internet Performance Management in today’s online environment.  In this article, we will take a look at some of the ways you can use traffic steering capabilities to execute business continuity planning and…

Featured Sponsored Articles

CloudTweaks is recognized as one of the leading influencers in cloud computing, infosec, big data and the internet of things (IoT) information. Our goal is to continue to build our growing information portal by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

Sponsor