Working in the cloud is soaring in popularity, so much so that in 2012 research firm Gartner predicted a complete shift of offline PC work to the cloud by 2014. While the cloud has indeed grown in a big way over the last two years, Gartner’s prediction was not fully realized, largely because of the inherent security issues associated with cloud computing. For all the advantages and convenience that the cloud provides, enterprises opting to store their data in the cloud lose control of that data and face increased odds of intrusion.
Taking some precautions, however, could make cloud-based data more secure. This would negate the biggest drawback associated with the cloud. Here are a few practical suggestions to this end:
1. Don’t Upload Sensitive Data
If it ain’t there to be hacked, it won’t be hacked.
The best precaution to safeguard your data in the cloud is to not upload data in the first place. When taken at face value, this obviously negates the very purpose of the cloud. However, data administrators could take inspiration from this precept to avoid storing sensitive information on the cloud. Personally identifiable information, credit card records, medical records, and plenty of other data are highly sensitive in nature and regulated. Breaches of such data would be catastrophic.
Move only non-sensitive data to the cloud or opt for a hybrid cloud model where sensitive data is stored in a secure private cloud and other data is stored in the public cloud.
2. Take Passwords Seriously
Most users take passwords lightly, very often populating them with easily identifiable words or figures, such as dates of birth or even their own names. The most popular passwords in cyberspace are actually “123456” and “password!” Worse, most people also use the same password for all their accounts, thereby compromising all of them if any one gets hacked. The rationale is to ensure that users remember their passwords and do not get locked out of their own accounts. This, unfortunately, plays into the hands of lurking cyber criminals who can easily crack these passwords.
Passwords offer the first line of defense against malicious hackers, so ensure that they can withstand cracking attempts by cyber criminals. Opt for a strong password, complete with lowercase letters, uppercase letters, numbers and special characters. Change passwords frequently, and have a unique password for each account. Phrases instead of single-word passwords are even better.
Do not save passwords on the system when accessing the cloud through public computers or open Internet connections. It may also be worthwhile to opt for more secure two-step verification, where users have to enter a one-time code sent to the registered mobile phone in addition to the password.
3. Encrypt Data
Encryption is the Holy Grail of cloud security. Encryption offers an additional layer of security, giving attackers garbled and useless data without the decryption key. With such encryption, data is also protected against service providers and administrators themselves.
Several free multi-platform tools, such as B1 Free Archiver, encrypt files with a password and compress them before transmitting them to the cloud server. Other tools such as DrivePop offer military-grade 256-bit Advanced Encryption Standard (AES) encryption. The open source TrueCrypt encryption software offers a choice of encryption algorithms including AES, Serpent, Twofish and more. Some cloud service providers such as SpiderOak and Wuala offer local encryption and decryption, meaning that the service not only stores files but also ensures that they stay safe.
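The idea of encrypting locally with a password before anything reaches the cloud server can be shown in a few lines of Node.js. This is an added example, not code from the original article or from any of the tools named above; the function names, the blob layout (salt, IV, tag, ciphertext) and the scrypt parameters are assumptions chosen for illustration.

```javascript
const crypto = require('node:crypto');

// Assumed blob layout: salt | iv | auth tag | ciphertext
const SALT_LEN = 16, IV_LEN = 12, TAG_LEN = 16;

// Stretch the passphrase into a 256-bit AES key; scrypt makes guessing costly.
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32,
    { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 });
}

// Run on the client: only the returned blob is sent to the provider.
function encryptForUpload(plaintext, passphrase) {
  const salt = crypto.randomBytes(SALT_LEN); // fresh per file
  const iv = crypto.randomBytes(IV_LEN);     // never reused with the same key
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), body]);
}

// Run on the client after download; throws if the passphrase is wrong
// or the stored blob was modified.
function decryptAfterDownload(blob, passphrase) {
  if (blob.length < SALT_LEN + IV_LEN + TAG_LEN) throw new Error('blob too short');
  const salt = blob.subarray(0, SALT_LEN);
  const iv = blob.subarray(SALT_LEN, SALT_LEN + IV_LEN);
  const tag = blob.subarray(SALT_LEN + IV_LEN, SALT_LEN + IV_LEN + TAG_LEN);
  const body = blob.subarray(SALT_LEN + IV_LEN + TAG_LEN);
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(body), decipher.final()]);
}

// Convenience wrapper: null instead of an exception on failure.
function tryDecrypt(blob, passphrase) {
  try {
    return decryptAfterDownload(blob, passphrase);
  } catch (err) {
    return null;
  }
}
```

Because AES-GCM is authenticated, a blob altered while stored with the provider fails to decrypt instead of yielding silently corrupted data.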
4. Set Access Rights and Notifications
The best approach in the cloud is a “needs-based” approach. Limit access to data to only those who really need it, and even staff members should have access only to the minimum possible data required for their jobs. The higher the number of users with access rights, the higher the odds of data being stolen or compromised.
Also, it helps when system administrators responsible for security get timely alerts and logs on who has accessed data and when. This not only helps forensics nab perpetrators in a breach, but would by itself constitute a strong deterrent and early warning system. Such notifications would actually inform administrators of a breach as it happens, allowing them to pull the plug instantly and limit damage.
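A small sketch of the alerting described above, checking each access against a need-to-know list and flagging bursts of activity from one user. This is an added example, not part of the original article; the log line format, the access list, the sample entries and the thresholds are all constructed assumptions.

```javascript
// Constructed need-to-know list: object prefix -> users whose job requires it
const ACL = { 'finance/': ['alice', 'bob'], 'hr/': ['carol'] };

// Constructed access log lines (the format is an assumption)
const SAMPLE_LOG = [
  '2014-06-02T09:15:00Z user=alice action=read object=finance/q2.xlsx',
  '2014-06-02T09:20:00Z user=dave action=read object=finance/payroll.csv',
  '2014-06-02T10:00:00Z user=carol action=read object=hr/a.pdf',
  '2014-06-02T10:00:20Z user=carol action=read object=hr/b.pdf',
  '2014-06-02T10:00:40Z user=carol action=read object=hr/c.pdf',
  '2014-06-02T10:00:50Z user=carol action=read object=hr/d.pdf',
  'garbage line',
];

function parseLine(line) {
  const m = /^(\S+) user=(\S+) action=(\S+) object=(\S+)$/.exec(line);
  if (!m) return null;
  const time = Date.parse(m[1]);
  return Number.isNaN(time) ? null : { time, user: m[2], action: m[3], object: m[4] };
}

// Returns alerts for: lines that cannot be parsed, access by a user who is
// not on the list for that data, and more than burstLimit accesses by one
// user inside windowMs.
function findAlerts(lines, acl, burstLimit = 3, windowMs = 60000) {
  const alerts = [];
  const recent = new Map(); // user -> timestamps still inside the window
  for (const line of lines) {
    const ev = parseLine(line);
    if (!ev) { alerts.push({ type: 'unparsed', line }); continue; }
    const prefix = Object.keys(acl).find((p) => ev.object.startsWith(p));
    if (!prefix || !acl[prefix].includes(ev.user)) {
      alerts.push({ type: 'not-authorized', user: ev.user, object: ev.object });
    }
    const times = (recent.get(ev.user) || []).filter((t) => ev.time - t < windowMs);
    times.push(ev.time);
    recent.set(ev.user, times);
    // Fire once when the limit is first crossed, not on every later access.
    if (times.length === burstLimit + 1) {
      alerts.push({ type: 'burst', user: ev.user, count: times.length });
    }
  }
  return alerts;
}
```

Data that matches no prefix in the list is treated as not authorized for anyone, so newly added folders raise alerts until someone decides who needs them.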
5. Ensure Adequate Security Safeguards
Opt for a cloud service provider with necessary safeguards in place to protect their servers. Any cloud service worth its salt would have antivirus, anti-malware, firewalls, encryption controls and other security features installed. In fact, when the stakes are high, it may be worthwhile to test the effectiveness of the cloud service provider’s security by deploying ethical hackers who attempt to make a breach, but do not steal data.
Even when the cloud service provider is 100% reliable and trustworthy, an unreliable connection or system from where the user logs in could be a major weak link. Make sure to access the cloud only from secure systems, protected with effective anti-virus and anti-spyware. For instance, malicious key-loggers could very well track all keystrokes and crack open the password to perfectly safe and fully encrypted cloud storage.
6. Read the Fine Print
Most users simply scroll through the terms and conditions before clicking on “I Agree.” The cost of doing this on service-level agreements with cloud service providers can be heavy.
A case in point – some cloud services make it possible for users to share photos and files with others. Such tempting offers could, however, come with a catch in the fine print. For instance, the service providers could give themselves the right to “use or distribute” these pictures, or the recipient of the shared photo gets the right to modify the photos.
Another important consideration is what happens if the data is eventually hacked or lost. The very fact that such eventualities are included in fine print means the service provider is either unprepared to tackle such an eventuality or would do nothing to atone for the loss. Users need to be aware of what they are signing up for. If all, or even a sizable number of, users do that, cloud providers would have no option but to shun shortcuts and take security seriously.
Finally, it pays to back up cloud data on local storage so that it is on hand even if data on the cloud becomes unavailable for some reason. Never assume that the cloud system will always be safe or even available. Hope for the best and prepare for the worst.