Working off an external network in the cloud brings the benefits of offsite storage backup, but also comes with some dangers: Viruses, spam, malware and identity theft are among the threats you may face. Along with the dangers of sharing your data externally with outside parties comes some security benefits as well, according to Eran […]
Working off an external network in the cloud brings the benefits of offsite storage backup, but also comes with some dangers: Viruses, spam, malware and identity theft are among the threats you may face.
Along with the dangers of sharing your data externally with outside parties comes some security benefits as well, according to Eran Feigenbaum, director of security for Google Apps. Although companies now allow cloud vendors access to their data, “just sharing a document and not an entire infrastructure is a tremendous benefit,” he says.
“You don’t have to figure out multiple security zones, only one front-facing connection,” adds Treb Ryan, CEO of OpSource, a company that provides data management and data-transfer backup for software-as-a-service and Web companies.
Here we provide some tips from experts on how to keep your
Watch what you open
Cloud provider Salesforce warns on its
Ask your provider about incident response, Balding advises. The provider should be able to help in the event of an intrusion attempt, he says. You should also ask if the company will take an image of the machine or whether you must do this yourself.
When you open files, make sure your network access is encrypted, suggests Craig Balding, a technical security lead at a Fortune 500 firm and author of a blog on cloud computing security. Balding notes that Amazon doesn’t encrypt data for its Web Services business. On its trust site, Salesforce.com recommends two-factor authentication techniques such as RSA tokens or Smart Cards.
Protect your cloud API keys
You want to make sure your cloud API keys are secure, Balding warns. “If someone gets hold of your access key, they’ve got everything,” he says. “Require the provider to give you keys for different sets of data and risk classification,” Balding suggests.
He also advises putting your production data in one account and your development data in another account. This will lessen the risks of someone breaking into your less secure development machine, he says.
Pay as you go
To avoid competitors running up the bill, pay for cloud services as needed, Balding advises. “It’s good to have a threshold if usage goes way up, he says.
Replicate data
Google’s Feigenbaum stresses the importance of data replication across multiple data centers. In the event of a disaster in the Northeast, for instance, data could still be accessed from other regions. “If something bad would happen to the Northeast such as a snowstorm, and cut off power, your data would be served from another data center, and no one would really know,” Feigenbaum says.
Reduce endpoint reliability
“The concept of the cloud is to store minimal data on your endpoint devices,” Feigenbaum says. “Endpoint devices are hard to secure — you’re taking security out of the experts’ hands and putting it into the users’ hands.” The FBI reports that 1 out of every 10 laptops is stolen in its first 12 months since purchase. And though USB keys are convenient, they’re easily lost.
“Don’t overlook client-side security,” advises Joe Krause, director of product management for information security consulting firm Trustwave.
Ensure proper compliance and certifications in data transactions
OpSource’s Ryan advises that transactions involving credit cards should be PCI compliant. “If our system is not PCI compliant, the system breaks and you don’t have a secure transaction of Web data,” Ryan explains.
Ryan says in corporate environments, enterprises should follow SaaS 70, a safety protocol.
Meanwhile, health care companies need to heed HIPAA regulations as medical data travels in the cloud.
Understand vulnerability management
Trustwave’s Krause says providers need to be able to manage the vulnerability of a single piece of data to affect a large number of clients. “A single vulnerability has the potential to expose the critical assets of a large number of their clients,” Krause says. “Cloud computing providers have to be able to show that they’re aware of the vulnerabilities of the cloud and that they’re not waiting for someone else to show them there’s a vulnerability,” he explains.
Keep a forensics and Web log
Providers need to know where their customers’ data is at all times, Krause says. “There’s got to be a way to follow the audit trial, where the data was at any point in time,” he says. A forensics and Web log accomplishes this, he says. “Enable logging so you get visibility on how people are using your services you put in the cloud,” Balding suggests. “You might detect some attacks that way. If you don’t turn on the logging, you’re not seeing any of the bad stuff or hacker potential,” Balding says.
Also check with IT to see if other divisions of the company have already signed up for the cloud service, because if they have, a security breach can occur. Balding says to confer with the finance department to see if anyone else in the company has spent money on that service. It’s a company hazard if the same information is in the cloud twice, he says.
Huawei’s AI Update: Things Are Moving Faster Than We Think
FEATURE | By Rob Enderle,
December 04, 2020
Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 18, 2020
Key Trends in Chatbots and RPA
FEATURE | By Guest Author,
November 10, 2020
FEATURE | By Samuel Greengard,
November 05, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 02, 2020
How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 29, 2020
Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 23, 2020
The Super Moderator, or How IBM Project Debater Could Save Social Media
FEATURE | By Rob Enderle,
October 16, 2020
FEATURE | By Cynthia Harvey,
October 07, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
October 05, 2020
CIOs Discuss the Promise of AI and Data Science
FEATURE | By Guest Author,
September 25, 2020
Microsoft Is Building An AI Product That Could Predict The Future
FEATURE | By Rob Enderle,
September 25, 2020
Top 10 Machine Learning Companies 2020
FEATURE | By Cynthia Harvey,
September 22, 2020
NVIDIA and ARM: Massively Changing The AI Landscape
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
September 18, 2020
Continuous Intelligence: Expert Discussion [Video and Podcast]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 14, 2020
Artificial Intelligence: Governance and Ethics [Video]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 13, 2020
IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI
FEATURE | By Rob Enderle,
September 11, 2020
Artificial Intelligence: Perception vs. Reality
FEATURE | By James Maguire,
September 09, 2020
Anticipating The Coming Wave Of AI Enhanced PCs
FEATURE | By Rob Enderle,
September 05, 2020
The Critical Nature Of IBM’s NLP (Natural Language Processing) Effort
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
August 14, 2020
Datamation is the leading industry resource for B2B data professionals and technology buyers. Datamation's focus is on providing insight into the latest trends and innovation in AI, data security, big data, and more, along with in-depth product recommendations and comparisons. More than 1.7M users gain insight and guidance from Datamation every year.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.
