IronKey

Mobile Data Security Blog

Home  »  2014  »  May

by

When It Comes to the Cloud, What do Small Businesses Need to Think About?

 

The move towards hosting applications in the cloud shows no signs of petering out. More and more companies are keen to realise the operational benefits that a cloud-
based model has to offer; not to mention the possibility to reduce some CAPEX spend. While many emerging technologies can feel like they are exclusively for the ‘big
boys,’ the great thing about the cloud is that whether you are one person or several thousand, there is a platform out there to help you meet your requirements.

The one downside to being a small business however is that often you don’t have the in-house IT knowledge to understand what, if any, security issues you could be
opening up your business to by opting to store data in the cloud. Here are my top tips to helping you make the most of the cloud, while remaining secure:

* Most small businesses aren’t all that concerned about cloud security and are keen to tap into the benefits that the cloud has to offer. However, as a note of caution, think
carefully about your cloud strategy. While providers might proclaim their offering to be “secure enough”, SMBs shouldn’t accept this assertion at face value – especially if
you intend to store customer data in the cloud as there are strict laws that govern how data is stored, managed and protected.

* Many SMBs can be confused about the best way forward, but take a look at larger companies operating in your sector, what lessons can you learn from them? Are they
using public or private clouds to give employees access to shared data? In the context of your organisation what are the pros and cons of each?

* While it can be tempting to think that your cloud provider ‘has everything covered’ it pays to know what is happening ‘under the hood’ of your cloud security offering. For
example, if the cloud service is responsible for the encryption of data, there is a risk that your keys can be compromised either internally by an employee or by a hacker
who is able to breach the management system and retrieve the keys. To be as secure as possible SMBs, and not their provider, should own and control the encryption
keys.

* For the director of a SMB all this talk of encryption and keys might sound a bit daunting, but the key piece of advice here to mitigate the risk of cloud services is to ensure
that if you are storing data in the cloud that you encrypt the data before it reaches the cloud and apply an enhanced level of key management to avoid it being
compromised. And ensure that the data and the encryption keys aren’t stored together!

SMBs need to think carefully about their security strategy, how it can enable their business and if software encryption is right for them. “Good enough” security in today’s
rapidly evolving cyber security landscape will not protect your organisation – or your customers – from persistent and sophisticated attackers. Hopefully the above pointers
are a good starting point for ensuring that, when it comes to the cloud, you’ve got the right security measures in place.