Filter by Category

How to Promote Cloud Security in Your Organization

cloud security best practices

In 2016, the technology industry predicted that 2017 would be a big year for big cloud spending and cloud initiative—and they were right.

Recent reports claim that “the global market for cloud security and vulnerability technologies should reach $5.3 billion in 2017,” an annual increase of 13.9 percent. Google, Amazon, and Microsoft also saw overall cloud growth, hitting lofty revenue goals. Amazon Web Services, in particular, grew 42% from last year and now makes up 11% of Amazon’s overall earnings.

Every positive has a negative, though, and 2017 is no exception. This year was also the year of shocking security disasters. From WannaCrypt and ransomware attacks to the Equifax data breach that rocked the public in September, we’ve seen over “1,120 total breaches and more than 171 million records exposed” this year, according to an article from Wombat Security. And this number, surpassing 2016 by over 80 breaches and 130 million records, is expected to only continue to rise in 2018.

Many organizations have set portions of their 2018 budgets aside to invest in cybersecurity and cloud services. ZDNet reports that 53% of participants in their latest IT survey agree security will be their top concern next year. Almost 50% listed cloud services as a priority, as well.

If cloud spending and improved cybersecurity is on your organization’s list of to-dos, consider implementing these suggestions in the new year to promote (and protect) the integrity of your data.

Secure your data in transit and at rest

With the concerning increase in data breaches we’ve seen this year, it’s never been more crucial for organizations to ensure their information is properly secured. Is your data encrypted during transfer to and from your systems? Most IT professionals know and follow this practice, but very few also enforce encryption for data at rest.

Even if files are stored in a secure database, there is no guarantee that the server won’t be compromised.

According to this article from Skyhigh, 81.8% of the 12,000 cloud providers they analyzed encrypted their users’ data in transit—which is still low when you consider that 18.2% did not, inviting serious risk into their customers’ organizations. But even more frightening, Skyhigh reports that only 9.4% of cloud providers encrypt data at rest. “It means at least 10,000 cloud services today store customer data in the clear,” they write. “Some of the biggest names in cloud computing don’t store data encrypted.”

Thankfully, a solution that puts encryption first, like GoAnywhere Managed File Transfer (MFT), can help ease your worries while preserving your control over daily business operations. Better yet, GoAnywhere is 100% deployable in the cloud, which means you don’t have to compromise your security practices or the convenience of existing in a cloud environment.

LEARN MORE: Secure Cloud File Transfer Overview

GoAnywhere MFT promotes cloud security through the following features:

Are you on the fence about encrypting your data at rest? Don’t be. Statistics from Skyhigh and other industry leaders prove that the best advocate for the security of your data isn’t your chosen cloud provider or third-party applications. It’s the one who stands between an organization and the outside world: YOU.

Create strict policies for data retention and deletion

If you’re storing customer data in the cloud, like credit card numbers, addresses, names, or birthdays, you’ll have extra considerations when it comes to following security best practices. One consideration is to maintain a strict policy for customer data retention and deletion.

Certain organizations need to store information indefinitely. This applies to the healthcare industry, for example; keeping patient data over a period of decades helps practitioners provide people with high quality care. But for those who aren’t in healthcare, it’s helpful to know what data retention laws apply to you and when you should keep, or even delete, sensitive information. With this knowledge, you’ll know exactly how long data should be preserved in the cloud … and how to get rid of it safely when the retention period is over.

Compliance regulations are starting to add retention policies to their requirements, too. For example, the General Data Protection Regulation (GDPR), effective in May 2018, gives EU citizens the “right to erasure” or “right to be forgotten.” You can read more about this principle on the UK Information Commissioner’s Office website.

Implement relevant security suggestions from your cloud provider

Each cloud computing platform functions a little differently, which means they have their own batch of cybersecurity best practices. We’ve recapped the top suggestions for Amazon Web Services and Microsoft Azure (two cloud providers GoAnywhere MFT deploys to). You can find those articles, and more, at the following links:

5 Cloud Security Best Practices for Microsoft Azure

7 Cloud Security Best Practices for Amazon Web Services

Ensure your organization is up-to-date on compliance requirements

Just like data stored on-premises, data stored in the cloud needs to follow whatever compliance requirements apply to your organization. Credit card data must be processed and transmitted in the cloud following guidelines handed down by the PCI DSS regulation. Medical information should be secured within HIPAA and HITECH standards. And if you handle the personal data of EU citizens (regardless of if your organization is located in Europe or not), your cloud data must meet GDPR stipulations by May 2018. Those non-compliant with any of these regulations or standards could face hefty fines and penalties.

Identify cloud vulnerabilities via frequent cloud audits

One of the best ways to find and correct pain points in the cloud is to conduct frequent audits of your environment. Each cloud provider has examples of what you should look for when managing an audit. Amazon Web Services suggests using a checklist (here’s an example). “A checklist,” they explain, “can help you evaluate the ability of AWS services to meet information security objectives and ensure future developments within the AWS cloud are done in a secure and compliant way.”

Yes, we know—undertaking an audit is no walk in the park. But the benefits of doing so on a frequent basis far outweigh the temporary inconvenience to an organization’s resources. Not only can you get ahead of the curve by spotting problem areas before they occur (eSecurity Planet recommends you “audit your access logs to make sure that only appropriate and authorized [personnel] are accessing sensitive data and applications in the cloud”), you can review your third party vendors to make sure the integrity of your data is upheld on both ends.

Use the right tools to protect your cloud applications

Organizations are starting to rely heavily on cloud applications. A study from KPCB estimates there are 893 to 1,206 cloud apps in use per enterprise. Imagine how much data is shared between these off-site applications and your business!

In order to keep your data safe, we recommend protecting them with tools in these four categories: DDoS Protection, Cloud Access Security Broker, Data Loss Prevention, and Cloud Backup. You can learn more about these groups (and what solutions you could use from each), in this blog post:

4 Understated Tool Categories for Cloud App Security

Ready to protect your cloud data?

Learn about cloud security and how to secure your file transfers while maintaining the convenience of the cloud. Get your free white paper on “Using Managed File Transfer to Secure Your Cloud Data.”

Download the White Paper

 

 

Add a Comment

Allowed tags: <b><i><br>

Latest Posts


What is FTPS?

December 4, 2018

Whether you’re looking to upgrade from your current FTP file transfers or have new requirements from a trading partner or customer, you might be wondering what FTPS is. How does it work, you…


Need an Alternative to AMRDEC SAFE’s File Service? Start Here

November 29, 2018

AMRDEC SAFE Shut Down Due to Security Issues Bad news for the U.S. army: AMRDEC SAFE, the Army Aviation and Missile Research Development and Engineering Center Safe Access File Exchange service that…


How 3 Financial Institutions Solve File Transfer Needs with MFT Software

November 26, 2018

On a scale of 1-10, how would you rate the efficiency of your file transfers right now? If you use manual scripts, legacy software, or a myriad of free tools to balance your encryption, automation,…


Recent 2018 Data Breaches in Healthcare (and How to Avoid Them)

November 14, 2018

Phishing attacks, malware, and employee errors. These are three of the most recent causes for healthcare data breaches in 2018, with more certainly to come. The year isn’t over yet. For anyone…


Which is Better: SFTP vs. MFT?

November 6, 2018

SFTP, or MFT: that is the question. Even though we’re not all famous poets like William Shakespeare, many IT professionals will ask this question at some point or another. Should they use an…