Your Cloud provider isn’t the only one with responsibility for the security of the information and applications your enterprise depends on. When it comes to security in the Cloud, it’s a collaboration between provider and customer.
After all, there are limits to a Cloud provider’s reach. For instance, if your employees use compromised web browsers to access data in the Cloud, your provider cannot be blamed.
So when using Cloud services…
- Regularly perform a thorough evaluation of your own IT security. You need to understand your infrastructure and application vulnerabilities, which can change quickly and dramatically, and be sure that all of your security controls are in place and operating properly.
- Pay attention to user authentication. You can start by defining and enforcing strong password policies; use self-service password reset functions first to validate identities. Consider using federated authentication (you authenticate your users locally, then pass some type of token to the Cloud service granting access for that user).
In addition, match authentication options to the risk level of the Cloud services being used — and authenticate all users with at least a username and password. You’ll also want to require enterprise administration capabilities for all supported authentication methods, especially the administration of privileged users.
- Develop a risk mitigation plan and document it. If you have a plan already in place and you’ve already trained employees about risks and how to respond to them, you can respond quickly and effectively should issues arise.
- Monitor Cloud service performance rigorously. This is how you and your Cloud provider will recognize any security threats early and deal with them quickly.
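The federated authentication flow from the user authentication item above, combined with matching authentication strength to service risk, as an added example that is not part of the original article. The shared HMAC key, the claim names and the `REQUIRED_LEVEL` policy are assumptions made for illustration; production federation (SAML, OpenID Connect) uses asymmetric signatures, but the service-side checks are the same.

```python
import base64, hashlib, hmac, json, time

# Assumption: a shared HMAC key stands in for the identity provider's signing key.
IDP_KEY = b"constructed-demo-key-not-a-real-secret"
# Hypothetical policy: minimum authentication strength per service risk level.
# 1 = username and password, 2 = password plus a second factor.
REQUIRED_LEVEL = {"low": 1, "high": 2}


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()


def issue_token(user, audience, auth_level, now=None, ttl=300):
    """Local identity provider: called only after the user authenticated locally."""
    now = int(time.time()) if now is None else now
    claims = {"sub": user, "aud": audience, "lvl": auth_level, "exp": now + ttl}
    body = b64url(json.dumps(claims, sort_keys=True).encode())
    sig = b64url(hmac.new(IDP_KEY, body.encode(), hashlib.sha256).digest())
    return body + "." + sig


def verify_token(token, audience, risk, now=None):
    """Cloud service: returns (granted, user or reason for refusal)."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = token.split(".")
        expected = b64url(hmac.new(IDP_KEY, body.encode(), hashlib.sha256).digest())
        # Check the signature before trusting anything inside the token.
        if not hmac.compare_digest(sig, expected):
            return False, "bad signature"
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, TypeError):
        return False, "malformed token"
    if claims.get("aud") != audience:       # token was minted for another service
        return False, "wrong audience"
    if claims.get("exp", 0) <= now:         # short lifetime limits replay
        return False, "expired"
    if claims.get("lvl", 0) < REQUIRED_LEVEL[risk]:
        return False, "authentication too weak for this risk level"
    return True, claims["sub"]
```
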
Next time: What you need to know to do Cloud data backup right.