As Halloween approaches, the only thing more frightening than a house of horrors is a security threat to your enterprise cloud system. One slip-up could not only be detrimental to your organization, but also place your peers, clients and business partners at risk. With worldwide information security spending expected to reach $75.4 billion this year alone, IT pros have all the more reason to shape up their cloud security measures.
As witness to a fair share of cloud security mishaps through the years, here is my list of the top six scariest cloud mistakes IT pros make and tips for how to avoid them:
Mistake #1: Assuming all cloud offerings the same
All clouds are not created equal. Do your best to exercise due diligence when selecting a system. Evaluate its offerings carefully, define what your organization’s requirements and needs are, and always read the fine print so you know exactly what you and they are committing to.
Mistake #2: Overlooking the built-in security capabilities of your cloud services
Be sure to understand and make use of all available security controls in your system, including access controls and user roles. Leverage these controls to set limitations on the end user’s access and actions – though often unintentional, one of an organization’s biggest and most commonly overlooked threats is its own employees.
Mistake #3: Forgetting to monitor the usage and activity on your cloud service
Irregular activity is usually the first sign that your system’s security has been compromised. Set effective monitoring controls and test them to ensure that you will be alerted in the event of a security incident.
Mistake #4: Failing to employ good security practices from the very beginning
The simplest activities – such as sharing a social media password – can pose the largest threat to your organization. Make sure to follow tried and true tactics such as in-depth password management and multi-factor authentication, especially for your administrative accounts, and implement prompt software upgrades and patches where appropriate, to ensure that your cloud system remains secure.
Mistake #5: Ignoring Shadow IT implementations of cloud services
It seems like almost every day a new cloud service is cropping up, offering an attractive suite of products that are easy for teams or departments to implement without ever having to engage with IT. While convenient for employees, services not vetted by IT can pose huge risks to the organization. Make sure employees are educated on these risks and set internal protocols for new cloud deployments that require IT assessment, approval and ultimately governance over these tools.
Mistake #6: Omitting data management practices
An organization should always know what data they are putting in the cloud and how that data is managed. Be sure to classify that data, set and define its protection standards and apply them to the cloud. Not all data belongs in the cloud due to regulatory, compliance, or confidentiality standards – check your cloud system and evaluate accordingly.
Not all cloud systems are created equal, so be sure to evaluate accordingly for your organization’s standards. Avoid these six mistakes and your cloud system won’t be going bump in the night this Halloween.