5 cloud security tips you’re not thinking about

secure_cloud

In light of recent news that a hacker was able to access the personal information of many celebrities – from Jennifer Lawrence to Kate Upton – through their Apple iCloud accounts, the question of cloud security is raised once again.

For organizations that house extremely sensitive customer information in the cloud, this topic is imperative. But what should you ask your cloud provider today to ensure your information is safe?

Here are five questions along with tips to help you find the safest cloud environment possible.

1. PHYSICAL SECURITY

Questions:

  • Where are my documents stored?
  • Who is watching out for them?

If someone can access your information – and your customer’s information – that’s not a good thing. Some might even call it game over.

Tips:

Choose a vendor with a center that’s staffed by security personnel and covered by surveillance cameras. Multifactor identification that limits pre-authorized visitors is a huge help as well.

You should also verify that the data center physically separates hardware from any other hosting it provides. Another best practice is hardware that’s physically secured using separate cages and locking cabinets.

2. NETWORK SECURITY

Questions:

  • What type of network infrastructure is your host using?
  • What is the network intrusion monitoring policy?

Tips:

Verify that your cloud provider monitors network infrastructure components and services such as routing, switching and bandwidth 24/7. Certified engineers also need to be available to resolve any issues according to your chosen service class. Automated network intrusion monitoring procedures should also operate 24/7.

3. TRANSPORT SECURITY

Question:

  • Are all communications between clients and the cloud encrypted?

Tip:

Look for a cloud provider that encrypts communications using up to AES-256 bit SSL v3 or TLS 1.0 and SSH. This ensures that all content and operations are secure from any possible interference or interception en route.

4. APPLICATION SECURITY

Questions:

  • Does the application even consider security?
  • What is the penetration testing?

Tips:

Users should automatically receive access to new versions or upgrades as soon as they are available. However, cloud providers should never perform an upgrade without customer knowledge. You should be able to request test environments to perform appropriate testing on new versions, or any other aspect of the solution.

5. COMPLIANCE

Questions:

  • What regulatory standards does your cloud provider meet?
  • How often is it audited?

Tip:

In addition to quarterly audits by a third-party, your cloud solution should be able to meet the following regulatory demands:

  • HIPAA
  • GLBA
  • SOX
  • SEC17a-4
  • EU Directive 95/46/EC
  • ISO 27001
  • SOC 2
  • Safe Harbor

I hope you find this guide helpful. As someone who deals with cloud security every day, I’m disheartened whenever I hear that a person or organization has been hacked. Because if you ask these questions and follow these tips, you don’t have to worry about hackers; your data will be completely secure.

If you’d like to learn more about cloud security, you can find out here. Or if you have questions, Hyland experts are always available. We look forward to hearing from you!

Kevin Hout

A veteran of the United States Air Force, Kevin Hout has more than 14 years of IT experience. Passionate about leading professionals and working through difficult technical issues, Kevin earned an MBA at Columbia Southern University to strengthen his managerial skills. He currently leads a team of 15+ professionals who support more than 400 OnBase Cloud customers.

1 Response

  1. Thendral says:

    Great Article..It was very informative..I need more details from your side..include some tips..I am working in Erp Software Development Company In India

Leave a Reply

Your email address will not be published. Required fields are marked *

You may also like...