Organisations are rapidly moving toward cloud-based applications for many of their business processes, from sales and marketing management to customer relationship management, to accounting and billing, to training, and more.
According to SiliconAngle, more than 60% of businesses use the cloud for IT applications, and the global market for cloud computing is expected to reach more than $79 billion by 2018.
This movement is largely due to the vast number of benefits provided by the software-as-a-service (SaaS) model, not the least of which is that it gives all companies access to the type of software that in the past only large corporations could afford.
Although by and large the top SaaS vendors adopt and conform to very high standards of security and compliance, recent security breaches, like the Sony email hack, bring into focus the importance of ensuring that any information put into the cloud is as protected as possible.
Here are five tips for keeping data secure while using cloud-based applications.
- Choose your SaaS provider carefully
No matter what type of application you are looking for, you have a lot of choices. A good chunk of cloud-based software security lies in the hands of the vendor, so choose wisely.
In particular, look for a vendor that provides password-protection and user controls that limit access to sensitive data, and if possible some sort of data encryption. Ask the vendor where and how the data is stored and how the backup and recovery process works.
Finally, look for evidence that the vendor is reliable, for example, by asking for references – most vendors are very happy to share their list of satisfied customers.
- Create a cloud computing policy
A cloud computing policy specifies who can access the software, for what purposes, and in what circumstances. It specifies how users are managed and how employees are allowed to use the software (e.g. can they access the system via a personal mobile device or only on their work computer?). IT Manager Daily has a simple cloud computing policy template that can help you define the scope and details of your policy.
- Don’t put ultra-sensitive data onto the system
While one of the main benefits of using cloud-based software is its ability to integrate seamlessly with other applications, thus providing a centralised user experience for many functions, it doesn’t follow that all of your data should be stored there.
If it isn’t necessary for sensitive data – such as personal or proprietary – to be online, store it on your local server instead.
- Employ all standard internet security measures
While the vendor is responsible for providing much of the data security, you still need to take precautions on your end. Use standard Internet security measures, like running antivirus software and ensuring that all of your employees select sufficiently strong passwords.
You should also implement a secure protocol for password recovery, especially if your employees will be accessing the system from personal devices or while they are off-site.
- Audit the security controls regularly
Security audits should be performed regularly. There are various standards for SaaS audits, depending on the type of application, and ideally the vendor will hire a reliable third party to complete the audits, and then share the results with you. In addition, you should have a third party or an internal team audit your software implementations on a regular basis.
Like other security endeavours, cloud computing security is somewhat of a race – software providers are constantly working to stay ahead of potential hackers. Use these five tips to ensure that your organisation is also ahead of the game.
By Ben Rossi