An introduction to cloud security
What is the cloud?
You might have heard about ‘the cloud’ and wondered what it meant. In simple terms, it’s a way of describing data and applications that are stored online.
As little as a decade ago, programs were run directly from people’s computers. Users installed the software themselves onto the hard drive, usually from a CD-ROM. The data created by that software was also stored on the hard drive.
But as internet speeds have increased and data storage costs dropped, all of that is changing. Now many applications run at least partly online, from remote servers. And the data they generate is also stored on those servers.
How is the data stored?
One of the common questions people have about cloud computing is, "How is my data stored?" In most cases it's stored on servers in big data centres, which are secure and managed 24 hours a day.
And what about the journey between your computer and those data servers? Professional cloud applications use secure, encrypted connections. That means your data is encrypted on your computer before it's sent to the server – and also when it comes back again. This means that nobody can listen in to what's being sent or received.
Cloud software companies take data security very seriously and work hard to protect their customers' data. So you might be wondering how data is ever hacked. It does happen, but it's something you can help prevent. We'll look at that next.
Five key ways you can make your data more secure
High-profile hacking cases in recent years have made some people nervous about storing their data in the cloud. But in nearly every case, it’s not as simple as the cloud being the problem.
Often it's the way the cloud is used that causes issues. Here are five ways you can increase the security of your data:
Make sure your passwords are secure
Many people use passwords that aren't secure. They might use their pet's name combined with their date of birth, or their child's name spelled backwards. Or they might use other combinations that seem clever but are actually easy to guess.
Short passwords can be cracked by brute force, by giving a computer a word list and letting it try combinations of words. Longer passwords are harder to crack – but also harder to remember.
You can use password manager software to help you remember multiple logins and to generate strong passwords. You only need to remember one password to access the manager, which securely stores all of your other usernames and passwords for you.
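The points above, as an added example that is not part of the original guide: a short Python check showing how few guesses cover passwords built from personal facts, beside a random password of the kind a password manager generates. The function names, the sample facts and the character set are assumptions made up for illustration.

```python
import itertools
import math
import secrets
import string

# Character set for generated passwords (an assumption; managers let you choose).
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"

def variants(fact):
    """Spellings of one personal fact: as-is, backwards, and capitalised."""
    f = fact.lower()
    return {f, f[::-1], f.capitalize(), f[::-1].capitalize()}

def candidates(personal_facts, max_parts=2):
    """Every password made by joining up to max_parts facts, in any order."""
    pools = [variants(f) for f in personal_facts]
    found = set()
    for n in range(1, max_parts + 1):
        for combo in itertools.permutations(pools, n):
            found.update("".join(parts) for parts in itertools.product(*combo))
    return found

def is_guessable(password, personal_facts):
    """True if the password is only a combination of the given facts."""
    return password in candidates(personal_facts)

def generate_password(length=20):
    """Random password drawn with the operating system's secure generator."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def entropy_bits(length=20):
    """Bits of entropy when each character is picked uniformly at random."""
    return length * math.log2(len(ALPHABET))

if __name__ == "__main__":
    # Constructed sample facts: a pet's name, a date of birth, a child's name.
    facts = ["rex", "01021980", "emilia"]
    print(len(candidates(facts)), "guesses cover every combination of these facts")
    for pw in ("Rex01021980", "ailime", generate_password()):
        print(pw, "guessable" if is_guessable(pw, facts) else "not guessable")
    print(round(entropy_bits()), "bits of entropy in a 20-character random password")
```

Run it against your own passwords and facts locally; never paste real passwords into an online checker.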
Use multi-factor authentication
In addition to requiring a username and password to log in, some software solutions offer multi-factor authentication. This type of solution is also referred to as two-factor authentication, two-step authentication or two-step verification, depending on the approach used. Multi-factor authentication places an additional layer of security on your login. This means that in addition to your standard login, you're required to provide another factor to authenticate your identity. This could be a unique code generated by a separate application, service or device, or something unique to you – like your fingerprint or voice. This reduces the risk of your account being accessed if your password is compromised.
Take advantage of login and online activity monitoring
Some cloud applications provide additional information about how their system is being used. Review the additional security services they provide and take advantage of them – every precaution you take makes a difference. For example, some online services display details of when you last logged in to their service. If you notice this is incorrect, or from a suspicious location, then raise it with the appropriate party. Remember: tools like this are provided as a service – they're there for you to use.
Use anti-malware (also known as anti-virus software)
Malware (short for malicious software) can get onto your computer, laptop, tablet or smartphone and do something malicious like stealing your data. It usually means that the user of the device has clicked on a link or attachment in an email, or visited a website that’s not secure. If there’s a link or attachment that you don’t know or trust then don’t click on it.
Once malware is on your machine, it might log your user ID, password or credit card information and send it to a hacker. Or it might quietly take over your computer and use it to attack other machines.
Malware is designed to be hidden, so you're not likely to notice it by chance. Make sure you use anti-malware on your phone, laptop, desktop and tablet. And always ensure that your anti-malware and any other software you have is kept up to date.
Make sure you get your anti-malware from a reputable source, because what looks like genuine software is often malware in disguise. If in doubt, use virustotal.com as a preliminary check. Malware is one of the easiest ways for hackers to get access to your device, so it's important to take this seriously.
Be aware of phishing or other hacking methods
Hacking can happen through people, not just computers. For example, imagine a phone call: "Hello, it's Mary from IT support. We're upgrading your software but it looks like your password has changed since last time and we can't get in to do the upgrade. What's your new password?" This type of hacking attempt is called social engineering.
Another method of hacking is called ‘phishing’ and this happens by email. Often the email will contain links that the hacker wants you to click on. Without training, your staff might give away vital security information via phone or email.
In any of these cases, the cloud isn't the problem. The same attacks could be carried out on data stored in-house. In fact the risk would be even greater, because burglary or theft could also be issues. It's easier to steal a USB stick or a laptop full of data than it is to steal information in the cloud. The problem is usually in the way the technology is used.
Train your staff about online safety and good security practices
You wouldn't let your staff drive a forklift truck or work in sales without proper training. The same should be true of computer equipment and software.
Whether your business uses a smartphone, laptop, desktop or tablet, staff should be trained in data security best practices. They should also be taught how to choose secure passwords and identify phishing scams.
A full data security policy is beyond the scope of this guide, but it's something every business needs. There are online resources that can help you draft one, and plenty of security companies can advise you too. Check out this resource by Get Safe Online.
Remember, an unsecured computer is an open door into your vital business data. Make sure all the doors are locked.
Cloud security is all about your attitude
Cloud data storage can be more secure than storing data on your own business premises. There's less risk of loss or theft, more flexibility and the ability to recover quickly from a disaster.
But nothing can be perfectly secure on its own. The way you use something affects its security. For example, you wouldn't leave your car unlocked in the middle of a town at night. Make sure you take cloud security seriously by:
using sensible passwords
protecting your computing devices against malware
training your staff to identify risks and phishing attacks
complying with all laws about data storage in your area.
Remember, nothing is ever 100 percent secure, so you need to take the right precautions to protect your data. If you follow the steps in this guide, you’ll be well on your way to making your data safer in the cloud.