As cloud security concerns remain a top priority, it’s important for IT professionals to remain vigilant, especially with data and services being stored off-site and likely in the hands of outside personnel who must be monitored and vetted.
SEE: Vendor comparison: Microsoft Azure, Amazon AWS, and Google Cloud (Tech Pro Research)
Cloud security tips
In general, when it comes to establishing and maintaining proper security I’ve found these tips invaluable.
- Security is an investment. Understand that security is an investment, which can pay dividends by protecting your organization and its reputation. You will have to pay upfront for quality security processes and controls, and it’s better to face reality in advance than to do so after a breach.
- Security is an investment. Don’t look at money invested in security as wasted if “nothing happens.” That’s like questioning police officer salaries when you haven’t been robbed.
- Eliminate redundancies. By that, I mean duplicate monitoring/alerting systems, anti-malware products, mobile device management solutions and the like. These don’t add layered security but can produce a false sense of confidence. Focus instead on selecting the best possible product with the most features and options. It’s not putting all of your eggs in one basket, but rather relying on the highest quality choice for the best results.
- Update all SSL certificates. Ensure all your SSL certificates (or any security-related product which can expire) are up-to-date and signed by a trusted authority. This is so your users don’t develop bad habits such as configuring security exceptions, ignoring alerts, and so forth. Users should be trained to always take seriously any prompts and messages trying to provide beneficial advice.
Remember, data privacy is always the end goal of any security measure; don’t lose sight of this fact: Protecting information is the top priority.