Sep 04 2018

4 Cloud Security Mistakes for Businesses to Avoid

As enterprise computing moves to the cloud, IT professionals must avoid these common security pitfalls.

As businesses of all sizes move computing resources to the cloud, new security concerns require careful attention and planning.

Here are four of the most common security mistakes that organizations make as they adopt cloud services, and ways to avoid them:

1. Don’t Publish Sensitive Business Information

Cloud services make it easy to collaborate with other organizations and share information at the push of a button. That convenience can also spell disaster if an employee accidentally publishes sensitive information to the web.

To avoid that, take care to clearly understand access control settings that may allow public access. Put a speed bump in the publishing process, such as a prompt that reads “Are you sure you want to publish this publicly?”


2. Avoid Unvetted Cloud Security Solutions

Ease of adoption is one of the key selling propositions for cloud services. They can be so easy to adopt, in fact, that employees sometimes discover new services and use them to store and process sensitive information without appropriate vetting.

Combine user education efforts with monitoring approaches that watch for the use of unvetted services.

3. Watch Out for Weak Encryption

Organizations using nonsecure encryption protocols risk attackers discovering sensitive information. Ensure cloud providers not only support strong TLS-based encryption using secure ciphers, such as AES, but also explicitly block the use of nonsecure ciphers.

Using outdated technology, including the SSL protocol and DES cipher, is almost as risky as not using any encryption at all.
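
An added example (not part of the original article): a small Python audit that takes the protocol and cipher-suite pairs a TLS scanner reports for a provider endpoint and flags the ones the article calls outdated (SSL, DES). The scan lines are constructed, the function names are illustrative, and the RC4, NULL and EXPORT entries go beyond the two weaknesses the article names.

```python
import re

# Policy taken from the article: SSL and DES are outdated, AES is acceptable.
# RC4, NULL and EXPORT are added here as further well-known weak choices (assumption).
WEAK_PROTOCOLS = {"SSLv2", "SSLv3"}
WEAK_CIPHER_TOKENS = {"DES", "3DES", "CBC3", "RC4", "NULL", "EXP", "EXPORT"}
STRONG_CIPHER_TOKENS = {"AES", "AES128", "AES256"}

# Constructed sample: one "protocol cipher-suite" pair per line, in OpenSSL
# naming, as a TLS scanner might list what an endpoint accepted.
SAMPLE_SCAN = """\
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
TLSv1.2 DES-CBC3-SHA
TLSv1.0 DES-CBC-SHA
SSLv3   AES128-SHA
"""

def parse_scan(text):
    """Yield (protocol, suite) pairs; skip blanks, comments and malformed lines."""
    for line in text.splitlines():
        parts = line.split("#")[0].split(None, 1)
        if len(parts) == 2:
            yield parts[0], parts[1].strip()

def audit(text):
    """Return (findings, supports_strong) for the accepted pairs in text."""
    findings, supports_strong = [], False
    for protocol, suite in parse_scan(text):
        tokens = set(re.split(r"[-_]", suite.upper()))
        reasons = []
        if protocol in WEAK_PROTOCOLS:
            reasons.append("outdated protocol " + protocol)
        weak = sorted(tokens & WEAK_CIPHER_TOKENS)
        if weak:
            reasons.append("weak cipher " + "/".join(weak))
        if reasons:
            findings.append((protocol, suite, reasons))
        elif tokens & STRONG_CIPHER_TOKENS:
            supports_strong = True  # a clean TLS pair using AES
    return findings, supports_strong

if __name__ == "__main__":
    findings, ok = audit(SAMPLE_SCAN)
    for protocol, suite, reasons in findings:
        print(f"FAIL {protocol} {suite}: {', '.join(reasons)}")
    print("strong TLS+AES suite accepted:", ok)
```

An endpoint passes the article's test only when the findings list is empty and the second value is true: supporting AES is not enough if SSL or DES suites are still accepted.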

4. Guard Against Poor Incident Response

When an organization hosts its own services, responding to a security incident is within its control. If the breach occurs at a cloud provider, things become much more complicated.

Work with cloud providers to ensure contracts include specific language about when the provider will notify you about security incidents, the response procedures they will follow and the types of information they will share.
