Best practices for handling gaps in cloud security

Establishing sufficient cloud security is a complex challenge. Learn where your attention is best directed to achieve the best results.

Business leaders must change their security posture to remain safe in the cloud According to Michael Liebow, head of the Accenture Cloud, business leaders must shift their mindset away from thinking of the data center and moving outward to best embrace cloud security.

As cloud security concerns remain a top priority, it's important for IT professionals to remain vigilant, especially with data and services being stored off-site and likely in the hands of outside personnel who must be monitored and vetted.

SEE: Vendor comparison: Microsoft Azure, Amazon AWS, and Google Cloud (Tech Pro Research)

Cloud security tips

In general, when it comes to establishing and maintaining proper security I've found these tips invaluable.

  • Security is an investment. Understand that security is an investment, which can pay dividends by protecting your organization and its reputation. You will have to pay upfront for quality security processes and controls, and it's better to face reality in advance than to do so after a breach.
  • Security is an investment. Don't look at money invested in security as wasted if "nothing happens." That's like questioning police officer salaries when you haven't been robbed.
  • Eliminate redundancies. By that, I mean duplicate monitoring/alerting systems, anti-malware products, mobile device management solutions and the like. These don't add layered security but can produce a false sense of confidence. Focus instead on selecting the best possible product with the most features and options. It's not putting all of your eggs in one basket, but rather relying on the highest quality choice for the best results.
  • Update all SSL certificates. Ensure all your SSL certificates (or any security-related product which can expire) are up-to-date and signed by a trusted authority. This is so your users don't develop bad habits such as configuring security exceptions, ignoring alerts, and so forth. Users should be trained to always take seriously any prompts and messages trying to provide beneficial advice.

Remember, data privacy is always the end goal of any security measure; don't lose sight of this fact: Protecting information is the top priority.

Also see

istock-473894422.jpg
Image: Leo Wolfert, Getty Images/iStockphoto

By Scott Matteson

Scott Matteson is a senior systems administrator and freelance technical writer who also performs consulting work for small organizations. He resides in the Greater Boston area with his wife and three children.