The Cloud is Safe If You Take The Necessary Precautions
In light of the rapid rise in data breaches devastating companies big and small, security is increasingly one of a CEO’s top priorities. All of the recent corporate data breaches have involved on-premise legacy systems, indicating that on-premise security just isn’t adequate anymore. And increasingly, it’s beside the point: 80 percent of employees use unapproved cloud software on their work computers or personal mobile devices—which means that more and more, corporate data isn’t even on the network.
That should please a bottom-line minded CEO, in part because the cloud makes work simpler and more accessible from home and on the go. But while being mobile in the cloud may be a boon to employees’ productivity, it’s a red flag when it comes to security—or it ought to be. Cloud solutions offer plenty of server-side security, but most miss the mark when it comes to on-device encryption. But mobile devices are an increasingly valuable tool for work, so it’s vital to find a service that offers file-level encryption, which will secure your files anywhere and keep them safe wherever they’re synced, shared, or emailed.
[Tweet “The #Cloud is safe for your #business if you take these necessary precautions! “]When properly deployed, the cloud really is safer than outmoded network-focused securities. As the below examples demonstrate, embracing the right encryption technology should prevent the security debacles that Sony, Premera, and others have recently experienced and safeguard against employee mistakes.
Sony Fails To Secure Weak Links
When Sony was hacked in November 2014, it quickly became clear that it lacked an in-depth approach to security, which in turn exposed untold volumes of sensitive data. Hackers were able to infiltrate one poorly protected server, and from there gained access to the rest of the network. What’s more, Sony’s use of weak passwords and lack of file encryption meant that, once breached, the sensitive information was ripe for plucking. Had Sony embraced the cloud, however, it could have implemented file-level encryption for its most sensitive data and prevented the worst damage.
Premera Ignores Warning Signs
The great irony about the Premera Blue Cross breach—which resulted in the loss of 11 million records—is that the company knew about its vulnerabilities weeks before the attack occurred. Due to its participation in federal programs, Premera had the advantage of being audited, which determined that it did not update software in a timely manner or have adequate access controls in place. But it goes to show that routine audits aren’t enough; instead, it’s essential to take immediate steps to address emerging vulnerabilities.
There are several things to learn from these and other recent breaches, and CEOs should keep the following tips in mind in order to provide the utmost security for their company and clients.
- Security Isn’t Only IT’s Responsibility. One of the common threads among the big breaches of the past two years is that IT lacked the resources—and respect—to implement adequate controls. (Not to mention a certain level of inertia when it comes to taking steps that should be no-brainers.) This environment, in turn, prompted chiefs to lose their jobs.
- Embrace The Cloud. Sooner rather than later, a move to the cloud is going to be inevitable. By embracing the cloud early, you can implement necessary security precautions from day one, making it easy for employees to use the software they already like in a safe, work-sanctioned way.
- Deploy File-Level Encryption. Encrypting at the file level is critical, because files will stay protected everywhere: in the cloud, synced to mobile devices, emailed via secure links to clients, or shared in Dropbox. This isn’t a regular feature of most cloud services, so read the fine print to make sure your encryption is sound.
- Expect a Breach. As hackers become increasingly sophisticated, breaches become increasingly inevitable. CEOs should routinely make sure all security measures are up to date and that a breach protocol is in place. Anticipating problems will prove useful if anything ever happens—because unfortunately, odds are that it will.