Security is a concern for every business, but even more so when those businesses are entrusting their data to a third-party hosting service. When considering if cloud computing is right for you, security is certainly an issue you want to explore. Having your information compromised could cost you business, tarnish your reputation, and expose your customers to scams and attacks. There can be a certain degree of buck passing in regards to security in these cases – “we didn’t lose the data, our cloud computing vendor did!” – but this only garners so much support in the court of public opinion. So it’s up to you to make sure that whatever data storage solution you come up with is the right one for you and your customers. After the jump, I’m going to discuss some of the security measures you should look for in a cloud computing vendor, and offer some tips on maximizing your security efforts.
When looking for the right cloud computing vendor, take a look at the measures they take to secure your data. Most, if not all, providers understand this concern and will have information about their security measures front and center on their website. (If they don’t, you should consider it a red flag: tread lightly around these sites). Hopefully it’s presented in plain English, so you don’t need to bring an IT tech in to translate. If it’s not, or there’s still something you don’t understand, feel free to email the company with your security questions.
Tip: A lot of company’s security officers can be reached by sending an email to security@theirname.com.
In looking over the outline of a company’s security measures, make sure they’re thorough (Hint: a 6-point outline isn’t thorough!). Again, cloud providers understand your concern for security and are generally forthright in letting you know what they’ll do to protect your information. They can’t be too detailed, as they don’t want to give their system away to those looking to attack it, but they should be able to explain to you the measures they take. If they’re not, they are probably hiding something, so you might want to stay away.
Security is a broad term; this is a broad topic to talk about. When we’re talking about security, we’re including firewalls, TLS or SSL encryption (that’s shorthand for protocol that ensures security when you log in from the Internet), and database protection, but also backup generators, security guards, and backup functions in case of emergencies. Don’t be fooled into thinking that hackers are the only thing to guard against; the buildings that house the servers are still susceptible to natural disasters, fires, and power outages, not to mention physical attacks. Compare the security protocols of at least a few of the top cloud computing vendors to see what kind of service is out there, and what kind of service you need.
You’ll also want to take your own steps to increase security. There are certain security threats out there that don’t try to break into the cloud; instead, they try and trick you into giving up information or access to the servers. With your information, they can simply log in as you would, and steal your data from the cloud.
Phishing
Phishing is when hackers set up sites that look legitimate, but are not. They often mimic real sites down to the last minor detail. However, there are a few things they can’t replicate. For starters, always check the address bar of the page and make sure you’re at your vendor’s site – just because it has the Amazon Web Services logo doesn’t mean it’s an Amazon site. Make sure the URL (i.e., the www.companyname.com) is right. If it’s not, you’re probably at a malicious site. Secondly, look for the “padlock” icon in your browser’s status bar. This image is only displayed on sites that have been certified as secure, so if it’s not there, it’s vulnerable to data theft. Don’t enter any log-in information to a site that doesn’t have this padlock.
Viruses and Email Attacks
Like creating an identical website, cyber criminals often send emails that look like company messages, also designed to trick you into giving out your personal information. These emails often address you as “Company User” instead of by your name, and use general information instead of specific information, because they’re sent out to thousands of people. If you receive one of these messages, or any message that you feel is suspicious, contact your vendor and send them a copy of it. Do not fill it out, though, and do not download any attachments, as they might contain viruses or Trojan horses that will disrupt your personal computer.
Update Your Personal Security
If your computer is easier to break into than the servers of the cloud computing vendor, hackers will target you instead. Using the above methods, they might try to send you viruses that steal information from your hard drive. Make sure your anti-virus software is updated and that you secure your wireless network, if you have one. Use firewalls to keep outside users from getting in.
Require Stronger Passwords
Something as simple as making passwords more complex and harder to guess can go a long way in securing your account. Use both letters and numbers in your password, and change it on a regular basis, and require others with access to do the same. Some applications will allow you to set an expiration date on passwords, requiring that you set a new one every so often.
If you’re looking for a cloud computing vendor, make sure you’re looking beyond the functionality of the system – check out the security features as well. There are plenty of vendors out there that offer the services you’re looking for, but not as many that will help you keep your data secure. However, the best cloud computing system isn’t worth anything if it doesn’t keep your data out of the hands of others.
