5 cloud security tips you’re not thinking about
In light of recent news that a hacker was able to access the personal information of many celebrities – from Jennifer Lawrence to Kate Upton – through their Apple iCloud accounts, the question of cloud security is raised once again.
For organizations that house extremely sensitive customer information in the cloud, this topic is critical. But what should you ask your cloud provider today to ensure your information is safe?
Here are five questions along with tips to help you find the safest cloud environment possible.
1. PHYSICAL SECURITY
- Where are my documents stored?
- Who is watching out for them?
If someone who shouldn’t can access your information – and your customers’ information – that’s not a good thing. Some might even call it game over.
Choose a vendor with a data center that’s staffed by security personnel and covered by surveillance cameras. Multifactor identification that limits access to pre-authorized visitors is a huge help as well.
You should also verify that the data center physically separates your hardware from any other hosting it provides. Another best practice is hardware that’s physically secured using separate cages and locking cabinets.
2. NETWORK SECURITY
- What type of network infrastructure is your host using?
- What is the network intrusion monitoring policy?
Verify that your cloud provider monitors network infrastructure components and services such as routing, switching and bandwidth 24/7. Certified engineers also need to be available to resolve any issues according to your chosen service class. Automated network intrusion monitoring procedures should also operate 24/7.
3. TRANSPORT SECURITY
- Are all communications between clients and the cloud encrypted?
Look for a cloud provider that encrypts communications using up to 256-bit AES over SSL v3 or TLS 1.0, and SSH. This ensures that all content and operations are secure from any possible interference or interception en route.
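One way to check what a provider’s endpoint actually negotiates, rather than relying on its answer to the question above (an added example, not part of the original article). The TLS 1.2 and 128-bit floor is this example’s own assumed policy, chosen because SSL v3 and TLS 1.0 have since been deprecated (RFC 7568, RFC 8996); the function names and sample sessions are hypothetical.

```python
import socket
import ssl

# Names as returned by ssl.SSLSocket.version(), ordered weakest to strongest.
PROTOCOL_RANK = {"SSLv2": 0, "SSLv3": 1, "TLSv1": 2, "TLSv1.1": 3, "TLSv1.2": 4, "TLSv1.3": 5}
# Substrings of OpenSSL cipher names that mark broken or export-grade suites.
WEAK_CIPHER_TAGS = ("RC4", "DES", "NULL", "EXP", "MD5")


def assess(protocol, cipher, bits, min_protocol="TLSv1.2", min_bits=128):
    """Return findings for one negotiated session; an empty list means it passes.

    min_protocol and min_bits are this example's assumed policy, not the article's.
    """
    findings = []
    if PROTOCOL_RANK.get(protocol, -1) < PROTOCOL_RANK[min_protocol]:
        findings.append(f"protocol {protocol} is below {min_protocol}")
    if bits < min_bits:
        findings.append(f"{bits}-bit key is below {min_bits} bits")
    if any(tag in cipher.upper() for tag in WEAK_CIPHER_TAGS):
        findings.append(f"cipher {cipher} uses a weak algorithm")
    return findings


def probe(host, port=443, timeout=5.0):
    """Handshake with certificate and hostname verification on; return findings."""
    context = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with context.wrap_socket(raw, server_hostname=host) as tls:
                cipher, _, bits = tls.cipher()
                return assess(tls.version(), cipher, bits)
    except ssl.SSLError as exc:  # includes certificate verification failures
        return [f"TLS handshake failed: {exc}"]
    except OSError as exc:
        return [f"connection failed: {exc}"]


# Constructed sessions (protocol, cipher, secret bits) so the check runs offline.
SAMPLES = [
    ("TLSv1.3", "TLS_AES_256_GCM_SHA384", 256),
    ("TLSv1", "AES256-SHA", 256),
    ("SSLv3", "RC4-MD5", 128),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, assess(*sample) or "ok")
```

Call `probe()` with the hostname of the service you are evaluating. A client built on a current OpenSSL will usually refuse to negotiate SSL v3 or TLS 1.0 at all, which `probe()` reports as a handshake failure.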
4. APPLICATION SECURITY
- Does the application even consider security?
- What penetration testing is performed?
Users should automatically receive access to new versions or upgrades as soon as they are available. However, cloud providers should never perform an upgrade without customer knowledge. You should be able to request test environments to perform appropriate testing on new versions, or any other aspect of the solution.
- What regulatory standards does your cloud provider meet?
- How often is it audited?
In addition to quarterly audits by a third party, your cloud solution should be able to meet the following regulatory demands:
- EU Directive 95/46/EC
- ISO 27001
- SOC 2
- Safe Harbor
I hope you find this guide helpful. As someone who deals with cloud security every day, I’m disheartened whenever I hear that a person or organization has been hacked. Because if you ask these questions and follow these tips, you don’t have to worry about hackers; your data will be completely secure.