5 security tips to stay afloat in the cloud

by Sohini Bagchi    Sep 10, 2013

cloud security

Enterprises are increasingly moving their critical business applications to the cloud and are continuously accessing their apps and data from mobile devices. According to a new Verizon study, organizations are currently spending nearly 45% more on cloud services each month. While this implies that enterprise cloud is reaching a high level of maturity, it also warns the CIO and the enterprise that the use of the cloud now requires different security needs. Here are some tips for organizations to ensure security to better manage and protect people, data and their devices in the cloud, especially in the era of mobility.

#1. Understand who is using the data

In the era of BYOD this is inevitable to protect your data and applications on the cloud. The CIO should know who is accessing what within the organization. According to Lawrence Orans, research director, Gartner, majority of the cloud security breaches that happen are internal. “Therefore, it is vital that companies embracing mobility should train their staff about cloud security. Moreover, more equipped users, such as database administrators and those having access to valuable intellectual property – should receive a higher level of monitoring and a stronger access control,” he says.

#2. Limit the level of access based on user context

The CIO should ensure that he can change the level of data access in the cloud based on the location of the user and also the device he/she is using. For example, when a sales guy is at his desk on a regular working day, he may have complete access to all the sales data. However, Orans notes if he is using his mobile device from a remote location, the employee should not only have some limited access to the data, but also go for additional sign-on process.

#3.Take a risk-based approach

Experts believe it is critical to identify the most valuable databases and provide extra protection, encryption and monitoring around them. As Vishak Raman, Sr. Regional Director- India & SAARC, Fortinet recommends, organizations should apply a risk-based approach towards the Cloud and make sure that the necessary security measures required do not impede the expected efficiency and cost benefits of their cloud solutions.

#4. Extend security to the device

According to Raman, it is important to ensure that corporate data is isolated from personal data on the mobile device. For example, by installing a patch management solution on the device can help with the running of the latest software upgrades, which often enables organizations to check the vulnerability in the cloud. Besides encryption and two-level authentication, he recommends scanning mobile applications on a frequent basis to check for vulnerabilities in the cloud.

#5. Network to become a greater priority

with businesses quickly migrating to cloud-based models for cost and operational efficiency, the network has become even relevant and needs to be highly secured. As Daisy Chittilapilly, VP, ITS, Cisco India and SAARC observes that the network still needs to be secured ever more so than in the cloud. Network security solutions should be intelligent - provide a greater control with analytics and insight into the content and applications that are accessed by users. “By adding a security intelligence layer to network and devices, organizations can provide real-time visibility into the both the data centre and the cloud infrastructure,” she says.