In the past, you needed to have a portable storage device such as a disk or flash drive with you if you wanted to work on documents at home and work or share stuff with your family and friends.
Nowadays, shared online storage services like Dropbox, OneDrive, and Google Drive allow sharing of material over the Internet without the need for a physical device. At a business level, the equivalent is using cloud storage to allow access to data and applications from a variety of locations, facilitating remote access and working from home. It also allows much easier collaboration in work teams and shared group activities. For small businesses needing to establish e-commerce or scale up, using the cloud can be much more cost-effective.
However, the move to a Cloud-based environment raises all kinds of Cloud Security issues, particularly about the security and safety of cloud-based sensitive and valuable data. Reports of IP theft, ID theft, stolen financial information and other attacks such as ransomware and DDoS deter the take-up of Cloud applications and generate intense interest in Cloud Security.
If you have already moved to the cloud, then the security of your data, especially in a public cloud environment, is paramount.
Safe storage depends on two things: ensuring safe access to the cloud storage hosting the data, and then the more conventional aspect of making sure that only authorised users have access to the data. Quite how you go about that will depend on whom you allow to access your systems and data. For example, a retail business will want to allow users to freely access an e-commerce shop, but not their back-office systems.
Here are five suggestions about how you can increase Cloud Security and safety.
Decide what is to be available on the Cloud
Not all corporate and personal data needs to be accessible from anywhere, and at any time. Sensitive information or information that does not need to be shared shouldn’t be uploaded. The only exception to this rule could be if cloud storage is being used as part of a Business Continuity plan to support off-site backup. In that case, consider other techniques like encryption.
Due Diligence for Public Clouds
You need to understand the user agreement between yourselves and the managed service provider (“MSP”) before signing it, and you need to be sure that the MSP has implemented proper and sufficient data security measures. Often, the agreement doesn’t receive the detailed scrutiny it needs, but you need to understand your obligations and the MSP’s about data security, and the consequent policies and procedures that are put in place. You also need to specify redress for any data loss, and how to go about getting it.
One aspect that is often overlooked is regular operational reviews and, if necessary, updates to the user agreement.
Even in the most secure environments, your data will be hacked at some time or another. The best protection is to encrypt the data you send to the cloud. However, having said that, a quick scan of the Internet shows that there is a multitude of applications that claim to be able to open password-encrypted files or provide you with the password.
The way around this is to use encryption software that offers a stronger level of encryption than a password-protected Zip file. This may be a proprietary encryption algorithm. However, be aware that you are now dependent on it to recover data should you need to.
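One way to encrypt a file locally before it goes to the cloud, so that only ciphertext is ever uploaded. This is an added example, not code from the original article; it assumes the Python `cryptography` package, uses the standard scrypt and AES-256-GCM primitives rather than a proprietary algorithm, and the function names and the `CSE1` container tag are hypothetical.

```python
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.scrypt import Scrypt

MAGIC = b"CSE1"  # hypothetical container tag (assumption, not a real format)
SALT_LEN, NONCE_LEN, TAG_LEN = 16, 12, 16


def _derive_key(passphrase: str, salt: bytes) -> bytes:
    # scrypt is deliberately slow and memory-hard, so every passphrase
    # guess against a stolen blob is expensive.
    kdf = Scrypt(salt=salt, length=32, n=2**15, r=8, p=1)
    return kdf.derive(passphrase.encode("utf-8"))


def encrypt_for_upload(plaintext: bytes, passphrase: str) -> bytes:
    """Return MAGIC || salt || nonce || ciphertext+tag."""
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    key = _derive_key(passphrase, salt)
    # The header is bound as associated data, so a modified header is detected.
    body = AESGCM(key).encrypt(nonce, plaintext, MAGIC + salt)
    return MAGIC + salt + nonce + body


def decrypt_after_download(blob: bytes, passphrase: str) -> bytes:
    """Raise ValueError if the blob was modified or the passphrase is wrong."""
    header = len(MAGIC) + SALT_LEN + NONCE_LEN
    if len(blob) < header + TAG_LEN or blob[:len(MAGIC)] != MAGIC:
        raise ValueError("not a CSE1 container")
    salt = blob[len(MAGIC):len(MAGIC) + SALT_LEN]
    nonce = blob[len(MAGIC) + SALT_LEN:header]
    key = _derive_key(passphrase, salt)
    try:
        return AESGCM(key).decrypt(nonce, blob[header:], MAGIC + salt)
    except InvalidTag:
        raise ValueError("wrong passphrase or tampered data") from None


if __name__ == "__main__":
    secret = b"Q3 payroll export (constructed sample data)"
    blob = encrypt_for_upload(secret, "correct horse battery staple")
    assert decrypt_after_download(blob, "correct horse battery staple") == secret
    print(len(blob), "bytes ready to upload")
```

As with any encryption tool, the data cannot be recovered without the passphrase and a program that reads this container layout.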
A more recent service offered by MSPs is that of an encrypted cloud service. In this scenario, the MSP provides both local and cloud-based encryption and decryption.
Vigorously enforce policies and procedures
The biggest risk in any IT environment is password management. Informed opinion is that 90% of all passwords can be hacked in seconds.
An organisation needs to implement policies and procedures to enforce the use of strong passwords and regular password changes.
Use a VPN or multi-factor authentication
Organisations must restrict access to internal systems to authorised users only, and as far as is possible block ports and other entry points that are not needed. A secure VPN with a client-based element is an essential component. Multi-level authentication can also provide a second layer of protection.