Companies, especially small businesses, are moving their information out of data servers and into the "cloud" at a rapid pace. But how safe is information in the cloud, and what additional measure of precaution should small businesses consider? There are practical security measures business owners and IT staff should take to prevent security exposure in this developing realm.
Three vectors for threats emerge when a company transitions from a server to cloud-based computing. End-user devices are the most vulnerable, but also with the most controllable for businesses who want to alleviate risk. Other entry points for threats occur in transit and in the cloud itself.
End User Devices
More often than not, individuals do not have the resources, patience or time to assess and counter all the security weak spots, making this area the greatest threat. At the same time, it is the area we have the greatest control over. There are some things you can do today to empower your devices.
1: Set a password or pattern lock on your computer, phone or tablet.
* Set the complexity with a mix of upper/lower case, numbers and/or symbols.
* Set the device to lock after a period of inactivity. One to two minutes on a phone or tablet, 10 minutes or so on a computer.
* Change it periodically. Every 90 days or so, even if only changing one digit.
2: Setup systems to locate your devices if lost or stolen.
* Use iCloud's "Find my iPhone" tool (www.icloud.com).
* For Android, use ww.avgmobilation.com or www.LocateMyDroid.com.
* Windows Mobile can be located using www.windowsphone.com.
3: Consider procedures and systems to lock or wipe your devices remotely.
* Supply employees a company phone or tablet. Personal devices used in the work place raise the issue of; can you reclaim or purge your data on a terminated employee's personal device?
* The web tools above allow the remote wipe of those devices.
* Likewise Microsoft Exchange Email Servers have built-in tools perform remote wipes.
4: Build a culture of privacy and confidentiality.
* Implement technology acceptable use policies.
* Have employees sign non-disclosure agreements.
5: Encrypt your device
* BitLocker is built into Windows 7 Ultimate and Enterprise Versions.
* PGP Whole Disk Encryption is for both Mac and Windows.
* Phone encryption is an issue fairly well handled in this PCWorld article: www.pcworld.com/article/242650/how_to_encrypt_your_smartphone.html
6. Share files using an online service that offers encryption, both in transit and when stored online, such as www.sharefile.com.
7: Keep your anti-virus up to date.
* Anti-virus is not perfect, but even if it can't remove a virus, it may still alert you that it is there.
* www.avg.com offers a free version for home and personal use. If you are using it for the office, please spring for the business edition!
Transit & the Cloud
Outside of your end user devices, the risk of data being compromised is relatively low. In transit, the prevalence of data encryption is high. If data is sniffed (electronic eavesdropping) in transit, it is often due to poor practices on either the cloud end, or more often the user side. The biggest risk in transit is inaccessibility due to outages, and these are usually temporary.
In the cloud itself, cloud providers are generally secure, and the risk of housing your data is low to moderate. Providers tend to be larger and have significant resources to protect your data. They have the policies and procedures in place to build a culture of professionalism, and by extension, security.
Overall, transitioning to the cloud is a secure and smart move for small and medium businesses. If business owners and IT staff do their part in maintaining optimal security standards, companies will flourish on this new platform.
Tim Erlach is the founder and co-owner of Erlach Computer Consulting (ECC). Since 1998, ECC has provided small and mid-size businesses the information technology management to run their workplace at efficiencies unmatched by typical in-house or part-time IT staffs. It's Web site is www.erlach.com.
