11 Ways to Protect Data in the Cloud
-
11 Ways to Protect Data in the Cloud
A plethora of security breaches and a recent ruling on protecting consumer data make data protection in the cloud more crucial than ever. -
Conduct a Cloud Business Risk Assessment
The first step to make informed decisions about the risks and benefits of moving to the cloud is understanding the risk factors that can increase exposure to data theft and insider threats. -
Craft Service Level Agreements
To meet your security and regulatory compliance needs, protect your organization's reputation and liability from data loss (leakage) or abuse. So craft SLAs. -
Know How Security Management Roles Intersect
Because control over software is now a purchased service, a process for making edits or updates to security systems or bug fixing can result in challenging business issues if there is a flaw. So map responsibilities for incident response. -
Require Validation of Security Controls
Working with a cloud provider who undergoes regular external security assessments can help you ensure ongoing compliance with agreed-upon data accessibility rules, data center controls and encryption standards. -
Review the Disaster Recovery Plan for the Cloud
Mirrored data and architectural resilience are good fundamentals, but you should also require a real-world demonstration of how the restoration process would work in case of a disaster. -
Prioritize Identity Management
Limit unauthorized access to data and applications to establish a sound data protection strategy. -
Understand Data Integrity for Critical Assets
Virtually separating customer's data while using the same hardware and physical facilities can create compliance and privacy issues that clash with security standards. It helps to understand data integrity for critical assets. -
Develop a Data Lifecycle Management Process
Establish clear data ownership, return and deletion requirements to avoid the risk of losing control of sensitive information. Although having a plan to destroy data in the cloud is critical for information assurance, it is rarely discussed before signing SLAs. -
Document Security Processes
Assign roles and responsibilities to ensure smooth and effective management of security controls and best practices. -
Strategize Your Incident Response
CIOs often focus on technology and forensics and don't plan their public affairs and communications responses. To avoid loss of customer trust, include a communications and marketing expert in your planning. -
Plan Your Exit Strategy
To avoid business disruptions, cloud exit strategies should include technical planning for alternative data hosting, applications and holistic organizational change management strategy.
The recent avalanche of security breaches is forcing CIOs to establish new due diligence priorities to protect business data in the cloud. This is an especially timely issue, given the FTC's recent ruling, which affirmed its authority to bring action against businesses that fail to adequately protect consumer data. Traditional and familiar risk management frameworks for on-premise technologies have established processes, accreditations, certifications, governance and compliance rules, but documenting compliance with cyber-security safety standards is especially challenging when data is hosted in the cloud. The convergence of big data management, BYOD and other enterprise technology trends are only compounding the challenge. Maria Horton, CEO of EmeSec, a cyber-security company specializing in cloud security, offers the following recommendations and best practices for cyber-insurance considerations and data protection in enterprise cloud environments.