Hybrid cloud technologies are getting stronger, and their adoption by companies grows with each passing year.
Nor is it only the private sector: public entities are also discovering the benefits that cloud computing brings to digital transformation.
However, there is a myth that migrating to the cloud will, by itself, resolve all concerns about information security.
Normally the leading companies in these technologies provide a certain degree of security in the cloud when the service is contracted, plus special security packages for specific cases.
The human factor will always be one of the most sensitive attack vectors in business Cyber-security, because the digital transformation of organizations begins in the mental paradigms of their workers at all levels.
Ordinary entities and users face serious risks when using cloud platforms: the files and data stored there can be stolen and disclosed by hackers if the necessary security measures are not applied.
Therefore, we must take into account the following key considerations of cloud security:
4 Tips to improve cloud security
- Review the conditions of use
Normally when we register for, subscribe to or purchase a digital product or service, we almost never pay attention to the conditions of use.
The number of people who read the Terms and Conditions of the services they sign up for is very low.
It is very common to go to the last page and press “Accept” with our eyes closed.
We will show you some examples of the most used services and applications on the Internet and how we accept controversial conditions “with our eyes closed”.
This tool helps us to access all our information from multiple devices.
However, it includes a somewhat controversial clause: the company reserves the right to suspend or cancel the services at any time.
This means that, from one day to the next, the lords of Microsoft can delete our Dropbox account and we would lose all the information we had inside.
It should be noted that things change at the business level: there are service level agreements (SLA) where information support with third parties is proposed.
Non-business users would be well advised to use an additional cloud storage service or another alternative for backups, so as not to lose that information the day Dropbox chooses to suspend or cancel its services.
With the giant of Silicon Valley, we do not run the risk of losing our information. On the contrary, when we say “I accept” to the terms and conditions of the service, we give Google permission to store any information it obtains about us and to use it in any of its services.
This is good for improving our searches and adjusting them to our needs, but they also use it to show us advertising adapted to each of us.
The social media giant has been in the eye of the hurricane several times in the last 3 years for its controversies in the processing of personal data.
In other words, any information that is uploaded to Facebook can be used by them at their convenience.
In fact, if you upload a photo and you want to delete it, you can’t. It is possible to hide it so that it cannot be accessed from your wall, but it remains on their servers.
For these reasons it is necessary to read the fine print of the contracts and terms of our suppliers to avoid future inconvenience.
- Set passwords
Passwords are the first line of cyber defense in applications connected to the Internet. Unfortunately, most people do not invest enough time in creating and memorizing a secure password.
We usually think that a strong password is “12345 + the name of the dog”, while on all our public networks we have photographs with the name of the dog.
The most common practice when deciding on a password is to pick one that is easy to remember and, in addition, we end up with the same password everywhere. This is a terrible idea that we should avoid.
Tip to create a secure password in 5 steps
- Choose a song
- Select a number
- Opt for vowels or consonants.
- Choose a symbol.
- Decide the order.
The idea is to use the first letter of each word of a song verse, followed by a number that is simple to remember (for example, an important date).
To tie the password to an account, we use the name of the service, keeping only its vowels or only its consonants.
Choose a random symbol and, finally, establish the order of all these elements.
This is called creating a password formula, which you can reuse almost unchanged, modifying one element depending on the account.
Because this password incorporates lowercase and uppercase letters, numbers and symbols, and has more than 9 characters, it will cost a social engineer much more to decipher something like that.
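The five steps above, worked through as an added example (not code from the original article): it builds the formula for two accounts, checks the criteria listed above, and measures how many leading characters the two results share. The verse, date, symbol and service names are constructed, and upper-casing the service fragment is an assumption made here to obtain mixed case.

```python
import string

VOWELS = set("aeiou")
PARTS = ("verse", "number", "symbol", "service")

def verse_initials(verse):
    """First letter of each word of the verse (lowercased here)."""
    return "".join(w[0].lower() for w in verse.split() if w[0].isalpha())

def service_tag(service, keep="consonants"):
    """Only the vowels or only the consonants of the service name.
    Upper-casing them is an assumption, used to get mixed case."""
    letters = [c for c in service.lower() if c.isalpha()]
    want_vowel = keep == "vowels"
    return "".join(c for c in letters if (c in VOWELS) == want_vowel).upper()

def build_password(verse, number, service, symbol, order=PARTS, keep="consonants"):
    """Assemble the four elements in the chosen order."""
    if sorted(order) != sorted(PARTS):
        raise ValueError("order must name each element exactly once")
    parts = {"verse": verse_initials(verse), "number": str(number),
             "symbol": symbol, "service": service_tag(service, keep)}
    return "".join(parts[name] for name in order)

def meets_page_criteria(pw):
    """Lowercase, uppercase, digit, symbol and more than 9 characters."""
    return (len(pw) > 9
            and any(c.islower() for c in pw)
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))

def shared_prefix_len(a, b):
    """Number of leading characters two passwords have in common."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n

# Constructed inputs: an invented verse, date, symbol and service names.
VERSE = "the quiet river runs beneath the old stone bridge"
mail = build_password(VERSE, 1987, "examplemail", "#")
photos = build_password(VERSE, 1987, "photobox", "#")

if __name__ == "__main__":
    print(mail, meets_page_criteria(mail))
    print(photos, meets_page_criteria(photos))
    print("shared leading characters:", shared_prefix_len(mail, photos))
```

With these inputs the two passwords differ only in the service fragment at the end.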
- Classify and limit information
It is necessary to make an inventory of the information in order to classify and separate it, so that data that is sensitive for the company is not hosted in public clouds but on the company’s servers or in its private cloud.
“The company must indicate what the classification of data expected for information security is.”
We must always be clear that exposing one piece of information is not the same as exposing another.
Without the correct classification of data, the decisions to protect the information of the company are being taken every day in a discretionary manner by those responsible for security, systems and databases.
An information classification system makes it easier for us to ensure that the decisions that the company must adopt prevail over the protection of individual information.
- Have Cloud protection
It is possible to reduce the risks with the help of a next-generation firewall (NGFW) in the cloud, which includes antivirus and threat protection, among other features.
This protection on the browsing vector helps us avoid the risk of having malware on the devices that can access the cloud where the company stores the information.
Currently, many companies are no longer installing antivirus software on their workstations and are opting for some type of cloud-based protection such as an NGFW. In this way, the performance of the company’s work teams is improved.
Bear in mind that the key aspects of cloud security described above are not the only ones that exist: each company has specific needs in business cyber-security.