5 Best Practices for Data Security in the Cloud

Only one in five enterprises are considered leaders in the area of data security according to a 2013 survey by Unisphere Research. The same report found that one in five were considered laggards. The rest fall somewhere in between. As reliance on data management and Cloud resources continues to expand, data security becomes an even more crucial priority for IT managers.

Here are five best practices IBM suggests to help move your organization from laggard to leader.

Protect Yourself in the Cloud

Moving applications and other IT processes into the Cloud brings significant benefits in terms of resource management and cost containment. However, it also brings you and your data into contact with a wide variety of entities, not all of them friendly or secure. Start with a strategy for securing your own cloud services. Review your internal processes and procedures to ensure access and data security are properly controlled. Perform regular audits to assess the strengths and weaknesses of your cloud infrastructure, programs, and practices.

Evaluate Third Party Security

Enterprises today aren’t self-contained and rely on interaction with a network of customers, partners, suppliers, and vendors. Securing your internal environment is a start, but once you move outside your firewall and into the Cloud, you’re at risk. It’s imperative that you monitor your third party connections and controls to ensure their security standards are consistent with yours when it comes to data protection. Include a comprehensive audit of all current and potential vendors as part of your supplier management program. Ensure they are compliant with process and data protection standards like PCI, GLBA, HIPAA, SOX, and NERC-CIP.

Implement Active Monitoring

Operating in the Cloud reduces your need for in-house IT resources, but it also limits your control. In order to ensure you’re aware of what’s happening in your hybrid Cloud and on-premises operation you need to implement an active monitoring system to address availability or instability conditions. Without such a system in place, you run the risk of being blind to problems that may only come to light when users alert you. This could result in poor customer satisfaction and lead to client loss. Enterprises should look to implement automated monitoring processes to alert them of any potential problems.

Defend the Mobile Workplace

The growth of BYOD and pervasive use of mobile devices by customers opens up a wide range of potential holes in your security system. Security settings can’t be left to the individual but instead need to established and monitored centrally by the organization. As we’ve discussed before, Enterprise Mobility, is here to stay so now is the time to take action to control it. Secure an end user computing platform to allow setting up risk profiles for each employee. Enforce security settings across workstations, mobile devices and cloud images.

Manage the Identity Lifecycle

If your organization is like most, personnel staffing is fluid. It’s critical that you be able to track employees as they move from one department to another or are separated from the company. Each role carries a different set of access approvals and keeping track of those is vital. Start by designing an optimized identity and access management strategy. Then implement standard control mechanisms to track employee movement. Finally, adopt a desktop and web single sign on solution.

Utilizing the vast resources of the Cloud has become imperative for most businesses. It does increase your data’s exposure to risk, however, so make sure you have a solid security plan in place.