That same data can also be subject to privacy laws, such as the European Union’s General Data Protection Regulation beginning in 2018. Therefore, it’s critical that you make sure all data is securely encrypted.
Because remote access to cloud services is the new normal, the security of data stored in the cloud also relies on the ability to reliably identify users. Security teams should not assume that a user with the right credentials is authorized. Other authentication processes such as two-factor authentication, anomaly detection, and geolocation can all help make access to cloud services more secure and should be used when they do not overly burden workflow.
3. Create policies and educate users
Moving applications to the cloud gives security teams the opportunity (some might say obligation) to extend their policies outside the corporate network. Because any employee with a credit card can deploy a new cloud service, you need policies that are flexible and technology that can detect unsanctioned services—more commonly known as shadow IT.
Whether data is stored on premises or in the cloud, the same overall policies should apply. While complying to regulations is an obvious starting point, your cloud policies need to ensure security and not just compliance.
Robert Haynes is a solutions architect with over twenty years experience in IT. Starting at the bottom as a helpdesk analyst, his lackluster career has lead him through UNIX systems administration, backup and storage, and finally application networking. Having supported, designed, and sold complex IT systems across a range of industries and a number of continents, Robert’s focus is always on the practical implementation and real world use of technology. While this may seem utterly at odds with his current role in marketing for F5 Networks, he likes to think that he is primarily employed to bring balance to the Force.
Robert holds a B.Sc. in Applied Biology from the University of Wales College Cardiff, and a certificate in “Avoiding Collisions While Backing and Parking” from the Driving Dynamics Interactive Advanced Driving School, the latter of which has proved considerably more useful than the former.