Don’t let these security risks curb your public cloud use

The public cloud has changed how businesses deal with certain data and processes. It provides an incredible range of services at attractive price points, and with scalability to boot. But the public cloud isn’t foolproof. If your company isn’t careful, the cloud can introduce security risks you weren’t expecting. Here are three potential security risks of the public cloud, and how you can prepare your business for them.

1. Inadequate security from the cloud provider

Many organizations going to the cloud believe that cloud service providers are inherently more secure than their own data centers, and that these providers use more robust security tactics. This is simply not true – at least not across the board.

Like potential partners you deal with for any service, some cloud providers provide more security than others. So, do your research and find a provider you can trust. Then, and only then, let yourself trust their security measures for your sensitive data.

2. Inadequate internal security policies

It’s understandable that companies just moving to the public cloud don’t have cloud infrastructure in their security policies – understandable, but not okay. Failing to update your security policies to reflect data in the cloud can create weak spots in your overall security and invite intruders to go after that private data.

Once you have chosen a cloud partner, take the next step. Start considering this cloud infrastructure as part of your organization’s network, and update your security policies to reflect that change.

3. Inadequate safeguards on sensitive data

For the purposes of developing and testing, it’s important to have data that’s as accurate and close to the real thing as possible. So, organizations often use live customer data in their dev and test environments that are hosted in the cloud.

However, it’s important to remember that this information can be sensitive in nature, proprietary and valuable to your customers’ and your business’ reputation. Therefore, it needs to have the same tight security that your company has for its on-premise data.

There are some types of data that might not belong in the cloud, for these very reasons: federal or state legislative data, test and development environment data and records with extended retention policies, such as medical and legal records.

There’s no denying the public cloud is a wonderful resource for businesses, but that doesn’t mean your company can be lax with security there. By following these tips, you can start to mitigate security concerns and begin to benefit from all the cloud has to offer.

Stay up to date with cloud security tips with the DataGravity newsletter.

  Like This
Andrew Hay

Andrew Hay

With over 15 years of data security experience in various roles inside organizations as well as advising them, Andrew serves as the chief information security officer at DataGravity. He is responsible for the development and delivery of the company’s comprehensive data security strategy. Prior to DataGravity, Andrew was the director of research at OpenDNS (acquired by Cisco) and the director of applied security research and chief evangelist at CloudPassage.