Keep your cloud secure: Today’s cloud security challenges

There is little question that making the best use of cloud technology is near the top on IT's list these days.

Whether it’s making the decision to jump into the cloud game or deciding how to best use its capabilities, the cloud looms large on the IT horizon in many ways. That said, the number one issue concerning cloud users — something that’s even stopping companies from using the cloud — is the issue of cloud security.

With the constant reminders of how insecure most computing environments really are, there is good reason for IT to be concerned about moving data and computing resources out of their direct control. And while you’ll find plenty of articles and online guides about cloud security, it all boils down to two tasks: lock it down and back it up.

Lock it down

The process of locking down your cloud ranges from the obvious, such as making sure that everything requires a password, to the subtle, such as encrypting data locally before transmitting to the cloud (even if your cloud service offers encrypted data storage). Users need to be educated about the importance of following the procedures put in place to keep data secure. Any device, be it a desktop computer or the CEO’s smartphone, needs to be secured so that casual actions can’t compromise data security.

Creating a secure cloud infrastructure requires a number of components all working in unison. This includes password protection of data and devices; encryption of data, either on the local network, in the cloud, or as data is moved; encrypted and secure links between local networks and the cloud; password protection on any device or application that can access the cloud; and a comprehensive education campaign for users.

Why you should do this is clear, but the how will be dependent on the services you choose, what you store in the cloud, and how your corporate culture handles maintaining a secure computing environment.

Back it up

While this probably seems obvious, backup remains in the same place in the IT process that it always has — something that is almost always an afterthought, regardless of how important it is. To a large extent, the cloud has made this attitude worse. There seems to be a tendency to believe that merely storing the data on the cloud means you have a backup. This is simply not the case. Unless you are explicitly contracting for cloud backup services, you run the risk of losing any data you have stored on the cloud.

Similarly, if you are using cloud-based applications, you need to be certain that there is a contractual responsibility for those applications to be backed up and that they are capable of being run from a location other than your primary site. This is especially helpful, should you find yourself needing to use those services for disaster recovery or business continuity purposes.

Remember, data that is not backed up is not secure. Be it an intentional hack or a hardware or software failure that causes data corruption, data needs to be backed up to keep it secure and available.

Even if you made the choice to use cloud data storage and applications, consider keeping a well-secured local copy of your critical business data. While this is less a security solution and more of a business survival tip, having a local copy of this data means that you may be able to continue operations, should you lose connection to your data stored on the cloud. And remember, if you act on this tip, this data needs to be kept secure.

Regardless of how you do it, keep these two key ideas in mind when it comes to implementing cloud security: lock it down and back it up. As you migrate storage and applications to the cloud, these two rules will serve you well in maintaining the security of your computing environment, as well as your corporate data.