Why 'Bring Your Own Cloud' Forces IT to Take Action

How safe is your data? The answer can mean the difference between growing your business and going out of business.The recent theft and release of celebrity photos is a reminder that even high-profile cloud security systems can still be vulnerable to breach. It’s important for consumers and businesses to understand the security protocols that can keep both personal and professional information accessible yet still private.

Businesses use cloud-based storage for solid reasons: cost, scalability and ease of access. But consumer solutions brought in by their employees (call it BYOC or “Bring Your Own Cloud”) allow workers to share often sensitive data to cloud-based programs that offer insufficient protection from threats like PRISM, Heartbleed and most recently BASH.Your business data deserves an enterprise-class sharing and storage solution that offers flexibility while also providing layers of security. Reputable vendors will offer four must-have features:

• Secure access to files both in the cloud and on premises
• Layered security using encryption (both at rest and in transition), SSL and TFA as well as compliance with regulations pertaining to your industry
• Advanced authentication and native MDM (Mobile Data/Device Management)
• Integration with complementary solutions from technology partners

Regardless of security, some data is simply too sensitive to live in the cloud. There are two things to look for to reduce errors when data is manipulated, save time and retain full control and visibility. First, a reputable vendor will help design a tiered system that evaluates the risks and offers options for sharing and storing that does not use the cloud. Secondly, the security that is on the cloud—permissions, authentication, etc.—should integrate with the on-premises solution so that IT doesn’t have to rebuild it, and can manage it from a single pane of glass.Every system, whether enterprise or consumer, should offer the following built-in protections:

• Email Notification: After “Celebgate,” Apple instituted this. Users receive alerts when their passwords or email addresses are changed. When a user attempts to reset a password or is locked out as a result of too many failed login attempts, admins are notified. Alerts should also go out when new devices are used to access an account.
• Two-Step Login Verification: Accounts should be configurable to require a second authentication factor when a user logs in. This can be a phone call, push notification to a smartphone, or a passcode sent via SMS.
• Lockout: After a specified number of failed login attempts, a user account should be locked out either for a specific duration or until an administrator manually unlocks the account.

Your data (or data belonging to your clients) deserves to be as protected as possible from security breaches. Make sure that your vendor is offering the latest safeguards before trusting your information to a cloud-based system. To ensure company-wide engagement, these safeguards shouldn’t restrict end-user capabilities to share information in and out of a company, nor should they weigh down the user experience.IT’s challenge is to implement policies that protect company data - a critical business asset - without reducing collaboration and productivity.*The original post appeared in infoTECH Spotlight.