5 Tips for Developing a Cloud Security Strategy

If you are getting started with the cloud or just concerned about security, here are five steps to consider in your security strategy.

Guest Commentary, Guest Commentary

March 9, 2018

3 Min Read

While the cloud may be innately more secure than on-premise storage, it’s not foolproof. As recent incidents have shown, hackers have ways of compromising cloud data and running otherwise healthy businesses into the ground. If you don’t have a cloud security strategy, you’re becoming increasingly vulnerable to the possibility of an attack. Coming up with a plan can greatly reduce risk.

Developing a robust cloud security strategy

You may assume that your greatest cloud security risks involve choosing the wrong cloud solutions and working with vendors that fail to offer maximum protection, but the onus is actually on you. Gartner research shows that, through 2020, 95% of cloud security failures will be the customer’s fault.

Coming up with a robust security strategy will help you avoid common security failures and enjoy the freedoms and advantages that come with operating in the cloud. Here are some pointers:

Involve all key stakeholders. Securing your business in the cloud is a lot like building the hull of a boat. A single hole – no matter the size – can sink what is otherwise a perfectly built ship. In terms of cloud security, a failure to account for all stakeholders and how they’re involved with your organization will lead to a compromised strategy.

Identify vulnerabilities. You don’t help anyone when you ignore the risks your company faces. Put all vulnerabilities on the table so that you can create a strategy that accounts for both your strengths and weaknesses.

Invest in regular training. The cloud is continually changing, which means our stance on cloud security should be evolving as well. You can’t just implement a cloud security strategy and then let it run its course. In order to stay secure, your employees need to go through regular training.

The key here is to make sure the training sticks. While it may seem odd or archaic in today’s learning environment, it’s actually better to go with printed training materials over electronic modules. Research shows that screens inhibit reading comprehension and knowledge retention, whereas paper-based content produces greater results. Creating training booklets and disseminating them to employees is a good way to keep employees abreast of what’s happening.

Prioritize data privacy.  Data privacy isn’t something you can play around with. Depending on the industry you’re in, which local and state laws apply, and what different regulatory bodies demand, you may be limited in terms of the customer data you can store and how you store it. Keep this in mind when brainstorming a strategy.

Use a layered approach to security. The only realistic way to keep your business secure in the cloud is to take a layered approach that safeguards you in the instance that one or more high risk scenarios unfold.

“Deploy private connectivity instead of a regular internet pathway to a cloud provider’s network,” Charles Cooper writes for CSO. “At the same time, protect all of your mobile endpoints with anti-virus and anti-malware applications. Lastly, add EMM (enterprise mobility management) to track and disarm mobile devices that get stolen or lost.”

It’s also a good idea to encrypt all stored data so that valuable information doesn’t end up in the wrong hands if the cloud is breached.

Don’t skimp on security. It’s not enough to transition your business to the cloud. If you’re going to invest in the cloud, you also need to invest in cloud security to protect your data and promote privacy. Hopefully, the advice in this article will give you the information you need to get started.

If you feel like you’re underprepared, you may consider working with a security consultant to ensure you get things moving in a positive direction from the start.

Larry Alton is an independent business consultant specializing in tech, social media trends, business, and entrepreneurship. Follow him on Twitter and LinkedIn.

About the Author(s)

Guest Commentary

Guest Commentary

The InformationWeek community brings together IT practitioners and industry experts with IT advice, education, and opinions. We strive to highlight technology executives and subject matter experts and use their knowledge and experiences to help our audience of IT professionals in a meaningful way. We publish Guest Commentaries from IT practitioners, industry analysts, technology evangelists, and researchers in the field. We are focusing on four main topics: cloud computing; DevOps; data and analytics; and IT leadership and career development. We aim to offer objective, practical advice to our audience on those topics from people who have deep experience in these topics and know the ropes. Guest Commentaries must be vendor neutral. We don't publish articles that promote the writer's company or product.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights