This is the second article of a series; the first article is available here.
File access permissions
Having a system that lets you set the proper permissions and prevents unauthorized people from accessing files is important. However, you should expect that human error will lead to unwanted vulnerabilities. Expecting your users to manually set permissions on each file without ever making a mistake is unrealistic and bad for security and compliance. The key to getting file access permissions right is automation. By automating your access permissions, you’ll reduce the amount of manual work and, in turn, the risk.
To prevent data exposure, you should automate your sharing permissions with workflows while also using monitoring tools that will alert you if a file with sensitive content is shared with people who are not supposed to have access to it.
When companies don’t leverage automated document controls and permissions, their data is at risk. GoDaddy, Verizon, and Dow Jones, for example, exposed documents containing sensitive information because of improperly managed Amazon Web Services (AWS) S3 cloud storage bucket settings. Companies can easily avoid accidental human errors like this by using automated workflow tools.
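An added example (not from the original article) of the kind of automated check that catches the bucket settings described above. It takes a bucket's ACL, policy and public access block, in the shapes of the S3 GetBucketAcl, GetBucketPolicy and GetPublicAccessBlock responses, and reports public grants. The function name, the simplified evaluation rules and the sample inputs are assumptions constructed for illustration.

```python
import json

# Predefined S3 groups that mean "everyone" or "any AWS account holder".
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def _is_wildcard(principal):
    """True when a policy Principal matches every caller."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False

def public_exposure(acl, policy_json, block):
    """Return findings; an empty list means no public access was found.
    Simplified model: IgnorePublicAcls neutralises public ACL grants and
    RestrictPublicBuckets neutralises a public bucket policy."""
    findings = []
    if not block.get("IgnorePublicAcls", False):
        for grant in acl.get("Grants", []):
            grantee = grant.get("Grantee", {})
            if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
                group = grantee["URI"].rsplit("/", 1)[-1]
                findings.append(f"ACL grants {grant.get('Permission')} to {group}")
    if policy_json and not block.get("RestrictPublicBuckets", False):
        statements = json.loads(policy_json).get("Statement", [])
        for st in [statements] if isinstance(statements, dict) else statements:
            if (st.get("Effect") == "Allow" and _is_wildcard(st.get("Principal"))
                    and not st.get("Condition")):
                findings.append(f"policy allows {st.get('Action')} to any principal")
    return findings

# Constructed sample inputs (placeholder owner id and bucket name).
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-placeholder"},
     "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group",
                 "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"}]}
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/*"}]})
NO_BLOCK = {}
FULL_BLOCK = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
              "BlockPublicPolicy": True, "RestrictPublicBuckets": True}

if __name__ == "__main__":
    for finding in public_exposure(SAMPLE_ACL, SAMPLE_POLICY, NO_BLOCK):
        print("ALERT:", finding)
```

Statements that carry a Condition are skipped here and would need a separate review, since a condition can either narrow access or leave it effectively open.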
To enhance productivity, the public cloud provides users with a suite of business tools with centralized access and real-time collaboration capabilities. This is an inherent advantage over the traditional workflow: save, drag, drop, email, download, edit, and repeat. Whereas many of the steps in the old-school process expose documents to security vulnerabilities, public cloud platforms allow you to keep your documents centralized and accessible.
Beyond being a version control nightmare, email attachments open your information up to unauthorized modifications and expose it to any software or network vulnerabilities found on the recipient’s device. By controlling access to documents, companies can effectively negate the risk of a file being shared with someone without their knowledge.
Centralizing information also means that no information should be stored on local devices. USB keys are one of the biggest offenders. These devices are often lost or stolen. In late 2017, a USB stick with highly confidential Heathrow Airport security data was found on the street. The drive’s files included detailed airport security and anti-terror measures.
Moreover, people tend to use USB keys that they’ve gotten for free from conferences. It’s possible that these devices have been intentionally infected with viruses. A security event in Taiwan recently awarded quiz winners USB sticks that contained malware designed to steal personal information. That’s not all: the list of USB drive-related incidents goes on.
There is also the possibility that your phone or laptop will be lost or stolen. Those odds become even greater when you’re traveling or running between meetings, events, and other appointments. If you have all of your files saved directly on your physical laptop or phone, you’re presented with an obvious problem. If you lose it, those files are gone and, if it gets stolen, you’re in even bigger trouble.
With cloud technology, personal computers and phones have become disposable. You can misplace or wipe these devices at any time without losing any sensitive work-related data. Even better, you can be up and running on a new device in only a few minutes. As many public cloud providers, like Google and AWS, have advanced security features, you’re able to revoke the access of a lost or stolen device as soon as it goes missing. In addition, these providers use cutting-edge security to ensure that all your corporate data is safe and sound in the cloud.
Black hat hackers will repeatedly probe and attack whatever IT protocols a company has put in place with new techniques and approaches. When your documents are in the public cloud, the provider is in charge of network security. That means that their security team is monitoring the network audit logs for you. When your documents are all in the public cloud, it’s also much easier to centralize aggregated audit data.
Audits won’t be hidden within clunky firewall administration interfaces and other closed proprietary systems. This is important for maintaining and improving your security protocols.
When the audit information is readily available, your company is better equipped to conduct thorough security analyses. Data analysis systems, like Google BigQuery, make it easier, faster, and cheaper to load and analyze your audit log data. These systems can ingest vast amounts of data and allow you to quickly identify and investigate suspicious events. Automated alerts also allow for an immediate response in the event of a security breach. Through alerts and real-time monitoring, companies can secure their systems and files. When combined with an accurate audit log, from which your IT teams can pinpoint what information was exposed, companies can dramatically reduce the impact of security incidents.
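An added example (not from the original article) of the alerting and exposure analysis described above: it scans sharing events from an audit log, alerts when a file labelled sensitive is shared outside the company, and reports which files are still exposed after later revocations. The event schema, label names and allowed domain are hypothetical, and the log lines are constructed.

```python
import json

ALLOWED_DOMAINS = {"example.com"}           # assumption: the company's own domain
SENSITIVE_LABELS = {"confidential", "pii"}  # assumption: labels set by a classifier

# Constructed audit events, one JSON object per line; field names are hypothetical.
SAMPLE_LOG = """\
{"ts":"2024-05-01T09:00:00Z","actor":"ana@example.com","event":"share","file":"payroll.xlsx","labels":["pii"],"target":"bob@example.com"}
{"ts":"2024-05-01T09:05:00Z","actor":"ana@example.com","event":"share","file":"payroll.xlsx","labels":["pii"],"target":"eve@partner.test"}
{"ts":"2024-05-01T09:07:00Z","actor":"raj@example.com","event":"share","file":"lunch-menu.pdf","labels":[],"target":"anyone"}
{"ts":"2024-05-01T09:09:00Z","actor":"raj@example.com","event":"share","file":"roadmap.docx","labels":["confidential"],"target":"anyone"}
not-json garbage line
{"ts":"2024-05-01T09:30:00Z","actor":"ana@example.com","event":"unshare","file":"payroll.xlsx","labels":["pii"],"target":"eve@partner.test"}
"""

def is_external(target):
    """A public link ("anyone") or an address outside the allowed domains."""
    target = str(target)
    return target == "anyone" or target.rsplit("@", 1)[-1].lower() not in ALLOWED_DOMAINS

def scan(log_text):
    """Return (alerts, still_exposed, skipped_line_numbers)."""
    alerts, exposed, skipped = [], {}, []
    for n, line in enumerate(log_text.splitlines(), 1):
        try:
            ev = json.loads(line)
            file, target, kind = ev["file"], ev["target"], ev["event"]
        except (json.JSONDecodeError, KeyError, TypeError):
            skipped.append(n)  # record the line number so gaps in the log stay visible
            continue
        if not (SENSITIVE_LABELS & set(ev.get("labels", []))) or not is_external(target):
            continue
        if kind == "share":
            alerts.append((ev.get("ts"), ev.get("actor"), file, target))
            exposed.setdefault(file, set()).add(target)
        elif kind == "unshare":
            exposed.get(file, set()).discard(target)
    # Drop files whose external grants have all been revoked.
    return alerts, {f: t for f, t in exposed.items() if t}, skipped

if __name__ == "__main__":
    alerts, still_exposed, skipped = scan(SAMPLE_LOG)
    for alert in alerts:
        print("ALERT:", *alert)
    print("still exposed:", still_exposed, "| unparsed lines:", skipped)
```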