How to protect your data in the cloud

Security

by Duncan MacRae| 13 February 2014

CBR has teamed up with Lee Weiner, SVP of products and engineering at security management firm Rapid7, to bring you a series of useful guides that will help you stay safe online. This time, Lee offers advice on how to stay secure in the cloud.

In support of Safer Internet Day, this week we've been running a series of articles looking at equipping users with the means to better protect themselves - and you - in the connected world. We've already looked at phishing, passwords and mobile risks and next up are cloud applications.

According to the Ponemon Institute, 35% of security leaders say SaaS applications are not evaluated for security prior to deployment. And those are the security leaders who know it's happening - chances are there are more that don't.

A few years ago, Rapid7 ran its own internal audit to see where it stood with cloud applications. It found about ten times more than it was expecting had been deployed. The challenge is that it's easy for individual departments to sign up for an app and start using it without needing IT support and that's exactly what had been happening, potentially exposing us to unknown and unmanaged risk. Rapid7 now has policies to ensure the security team is included in any vendor selection, and that all vendors meet our security requirements. If you don't have policies in place, Lee Weiner, SVP of products and engineering at Rapid7, strongly recommends you do your own internal audit and determine how you will manage the risk.

For users, the cloud can be liberating because it means they no longer need to wait for IT to install an app for them, so here are some pointers for helping them to understand the potential risks associated with this behaviour.

What is the Cloud?

"Cloud" basically means a techsolution you're subscribing to online. That covers an incredibly diverse range of things. For example: online data storage like Dropbox, collaboration forums such as Trello and customer relationship management systems like Salesforce.com. Cloud applications are designed to be very quick to deploy and easy to manage and as a result, the chances are that your department is already using some kind of cloud service.

The challenge here is that you don't know how good the security of the solution you're buying may be. That can be a big problem if any corporate information is being handled by the service. For example, if you use an online data storage service like Dropbox, SugarSynch or GoogleDrive, and that service gets compromised by an attacker, that attacker could get access to any information you stored on the site. Other types of corporate data, such as any intellectual property, are also valuable and need to be protected to defend the way we do business.

Check out the next page to find out how you can protect yourself!

Comments
Post a comment

Comments may be moderated for spam, obscenities or defamation.

Join our network

716 people like this.
1554 people follow this.

Security Intelligence

Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.