Top Five Tips For Using Your Cloud Applications More Securely
Cloud adoption by businesses seems to be growing to almost universal proportions, with one recent survey of 930 IT professionals reporting that 93% were using or experimenting with some form of cloud services. But while the cloud offers cost efficiencies, flexible and on-demand scaling of infrastructure, and easy access to files, 30% of the SMB respondents were actually from organizations that could be considered to have low “cloud maturity” – either in the early planning stages of their first cloud projects, or with no official plans just yet. This suggests there may still be some hesitancy with using the cloud for more critical business functions, especially in smaller organizations.
One reason for this is that cloud security remains a top concern for many businesses. Because you are entrusting your company’s sensitive information to a third party, it’s only natural that you would be worried about how safe it will be. The good news is that most large cloud service providers have far more robust security than most small businesses could implement on their own.
But you still have an obligation to practice safe computing when using the cloud. Here are five things you should be doing on your end to improve the security of your cloud applications:
1. Use strong passwords
It’s almost stating the obvious, but the first step to improved cloud security is to use strong passwords. Very strong passwords. I consulted Michael Nehall, a cloud expert at Bell, who says, “Secure passwords should not use basic number combinations or contain words found in any dictionary. Most modern computers and smartphones have the processing power to crack simple passwords using brute-force attacks.”
The Password Meter is a useful little tool that will evaluate the strength of your passwords. The site recommends that passwords be a minimum of eight characters long, and contain at least three out of the following four elements:
- uppercase letters,
- lowercase letters,
- numbers, and
2. Use a password manager
Besides using strong passwords, best practices also demand that you change them regularly, and never use the same one for more than a single application. Michael adds, “Many hackers possess tools that automate the testing of your password against multiple other online services. So if you share the same password across multiple cloud services and websites, it can leave your data exposed if even one of them are compromised.”
This creates a substantial challenge to remember all those strong-but-cryptic passwords. Fortunately, there are several excellent tools available – such as the free service offered by Montreal company PasswordBox, recently acquired by Intel – that manage the process for you, leaving you to remember just a single master password. And using a password manager to ensure your passwords are as complex as possible is ultimately safer than simplifying them for the sake of being memorable.
3. Use two-step authentication when possible
Two-step authentication, also called two-factor verification, is the use of two separate and independent mechanisms for verifying your identity. The first mechanism is the one you’ve been using for years — typing in your username and a (strong!) password. The second mechanism must be entirely independent of your log-in process, and takes one of several different forms. You could be sent an email or text message with a one-time, randomly generated code that needs to be entered, or have a code generated by an app or a physical security token. (I use Google’s free Authenticator App for two-step verification on my Google, Dropbox and other cloud accounts). Microsoft also recently implemented native multi-factor authentication for its Office 365 productivity suite.
4. Use encryption
Many cloud services automatically encrypt your data as it travels from your device to their servers and back, so it can’t be hijacked in transit. But for greater security, encrypt sensitive data while it is still on your device. If you’re using Windows operating systems, you can use BitLocker (Mac OS users can turn on FileVault). Not only will this ensure that your data is even more secure while in the cloud, it will also encrypt files on your own system, making it far more difficult for anyone who steals your device to gain access.
5. Avoid using public access points
As convenient as it is to use public-access PCs or tablets at hotels, airports and libraries, it’s best to avoid using them to access your cloud accounts. The physical security of such devices can never be reliably guaranteed, and they are vulnerable to threats implemented by cyber thieves such as keystroke loggers that can record your username and password as you type them in.
In fact, be cautious of all public access to the Internet, including free Wi-Fi networks – as they don’t always use secure connections. If you need to connect a laptop reliably and securely while on the go, invest in a mobile stick like the Novatel Wireless U679, which provides a high-speed 4G LTE connection. Michael also suggests, “If you do need to access a sensitive file from the cloud when using public Wi-Fi, always use a virtual private network (VPN) to create a secure, private connection to the Internet.”
The bottom line
The convenience and potential cost efficiencies that the cloud delivers – along with the robust security features of most cloud vendors – make it an irresistible option for businesses. Don’t let that ease of use lull you into a false sense of security, though, and make sure you and your team are following best practices to reduce the risk of human error.
What do you do to enhance the security of your cloud services? Please share your advice with us in the comments section.