Kris Lahiri, CSO at Egnyte, reveals his top tips for enterprises looking to harness the cloud for file sharing and increased collaboration with internal and external users, without sacrificing security
The cloud has proven to be an extremely important technology for any business hoping to increase its productivity and improve service delivery through collaboration. But using the cloud increases the vulnerability of your attack surface, and overlooking preventative methods can have severe consequences in terms of financial success and a brand’s reputation. For many, however, ensuring secure processes is easier said than done.
With that in mind, here are some top tips to keep files safe in the cloud:
1) Stay educated
Businesses must ensure that the people using cloud technologies are well informed about how it works and its potential risks. No vendor is going to admit to poor security credentials, so it’s vital that IT decision makers are up to date with relevant, accredited and neutral articles and whitepapers on the topic. IT decision makers need to disseminate the crucial information onto users within a business to make them aware of best practice and policy relevant to their specific organisation. Data breaches are often the result of employee oversight, but educated users can actually monitor for potential vulnerabilities and address them accordingly.
For businesses to securely use the cloud to share files across their organisation, it is absolutely vital they encrypt data at all stages of its lifecycle – from creation, to in-transit, and at rest. Therefore, in the event that somebody without authorisation gains access to data, or a company device is lost or stolen, encrypted files cannot be accessed, and with some solutions, can also be remotely wiped. By taking extra steps to encrypt data in all lifecycle stages (and under no circumstances surrender your encryption keys), a business will be able to operate more efficiently knowing their data is safe.
3) Audit people & processes
Businesses can spend countless hours setting up a cloud infrastructure and making sure every business unit, application, file and user is integrated with the system. However, a business is likely going through changes just as quickly as the technology it is using; employees come and go, new applications are introduced and increasing amounts of data are generated. Any unchecked addition to a company’s cloud ecosystem poses a potential security threat, so businesses should set up routine audits of user permissions, activity and applications. If anything seems out of place against pre-determined policies, then a business will be able to flag the problem before it turns into a full blown security threat. There are also proactive solutions like Netskope that can be proactive in detecting application and device use.
4) Challenge your systems
Hackers will see the growing use of an evolving technology like the cloud as an opportunity to search out and exploit system vulnerabilities. Big financial institutions like JP Morgan have recently been the target of data breaches, which may have potentially been avoided if they had challenged their own systems. Rather than building from a defensive perspective, CIO’s should think aggressively like hackers to ensure a secure cloud infrastructure. Businesses should look for accredited third party security companies that can run penetration tests to safely “attack” a system, highlighting any potential threats, before a cyber-criminal finds them first.
5) Appoint a dedicated security officer
Implementing cloud security is not something that can be outsourced. Businesses should appoint a dedicated security officer whose sole focus is to protect the company’s investment in the cloud. This person should have experience in all areas of the cloud, from deployment to implementation and security. A dedicated security officer will also be able to own and manage #1-4 on this list so the rest of the organisation can stay focused on its primary duties. If this person can see your cloud infrastructure from every angle they will be able to prevent attacks before they happen, rather than managing them when it’s too late.
Using these tips, businesses can truly experience the full benefits of the cloud for file sharing without being concerned about the security of their intellectual property. Businesses must employ methods to maintain control over their information, which in turn will support compliance initiatives and promote user mobility and productivity.
Think you know everything about cloud computing? Try our quiz!