Cloud Security | Internet Security | Risk Reports | Sage Pay

Cloud security tips for SMEs


Information security is top of mind for SMEs as they rely more and more on digital services and applications to get their work done. Many are turning towards cloud services to reduce IT infrastructure costs and to turn patching applications, securing data and running servers into someone else’s problem.

While it is true that a good IT cloud service provider will host its applications in a far more secure environment than most SMEs could afford themselves, relying on the cloud does not let you completely off the hook when it comes to securing your data.

In this case, I’ll be talking mostly about public cloud services – applications that you buy and use as a service across the public Internet rather than managing and hosting them in your own server room. Let’s consider two elements of cloud security you should be thinking of as an SME: what your service provider should be doing to protect your data and what you should be doing.

Choosing the right provider

When you’re selecting a service provider, you should look for a company that has put a range of processes and policies in place to secure its infrastructure and data from information security risks. Luckily, the data centres at most reputable Internet service providers keep these basics covered because it’s their core business to do so.

Some examples of the things your service provider should do to protect its infrastructure (and your data) include the following:

  • It should have multilayered networks, good firewalls and a vast amount of bandwidth so that it can cope with attempted Denial of Service (DoS) attacks.
  • It should also have processes and policies in place to keep all server, application and network software up to date so that it protects itself from known vulnerabilities.
  • There should be strict access controls – physical and digital – so that only authorised people have access to the data, applications and infrastructure in the data centre.
  • It should conduct regular vulnerability scanning and penetration testing.
  • The applications should be designed with best practice in mind.

How you should keep your data safe

If you are a user of cloud services it is important to remember that you are accessing this resource through a public network. You probably only have one way to authenticate yourself and that is with a username and password.

As such, you should ensure you have a strong password that is difficult to guess, but easy for you to remember. It is just as important to change your password periodically. You must also take care not to let your password fall into the wrong hands.

You should not have this information in an easily accessible file on your computer, nor should you write it on a sticky note that you paste on your screen where everyone can see it. In addition, you should run good antivirus and antimalware software. It may seem that these are the same thing, but they are not. Make sure they are reputable and have the latest updates and definitions installed.

The next important factor is how you communicate with the cloud. This should always be with a certificate in place. The certificate should be valid for the appropriate vendor of the service, should not be expired, and must be issued by a reputable certificate company.
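The three certificate conditions above (issued for the vendor's host name, not expired, issued by a certificate authority you trust) can be expressed as checks on a parsed certificate. The following is an added illustration, not code from the original article: the vendor host names, the CA name and the dates are constructed, and it inspects fields only, whereas a real TLS client (for example Python's `ssl.create_default_context()`) also verifies the signature chain.

```python
import ssl
import time

def _matches(pattern, host):
    """Compare a certificate DNS name with a host; '*' covers the left-most label only."""
    p, h = pattern.lower().split("."), host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check_certificate(cert, host, trusted_issuers, now=None):
    """Return the problems found in `cert`, a dict shaped like ssl.SSLSocket.getpeercert().

    Field checks only: this does not verify the certificate's signature chain.
    """
    now = time.time() if now is None else now
    problems = []
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(_matches(n, host) for n in names):
        problems.append("not issued for " + host)
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    issuer = {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}
    if issuer.get("organizationName") not in trusted_issuers:
        problems.append("issuer not trusted: " + str(issuer.get("organizationName")))
    return problems

# Constructed sample data: hypothetical vendor, CA name and dates.
TRUSTED = {"Example Trust Services"}
NOW = ssl.cert_time_to_seconds("Oct 10 12:00:00 2014 GMT")
GOOD = {
    "subjectAltName": (("DNS", "app.vendor.example"), ("DNS", "*.cdn.vendor.example")),
    "notBefore": "Jan 15 00:00:00 2014 GMT",
    "notAfter": "Jan 15 00:00:00 2015 GMT",
    "issuer": ((("countryName", "ZA"),), (("organizationName", "Example Trust Services"),)),
}
EXPIRED = dict(GOOD, notAfter="Sep 01 00:00:00 2014 GMT")
UNKNOWN_CA = dict(GOOD, issuer=((("organizationName", "Unknown CA"),),))

if __name__ == "__main__":
    for label, cert, host in [("good", GOOD, "app.vendor.example"),
                              ("expired", EXPIRED, "app.vendor.example"),
                              ("wrong host", GOOD, "login.vendor-example.test"),
                              ("unknown CA", UNKNOWN_CA, "img.cdn.vendor.example")]:
        print(label, "->", check_certificate(cert, host, TRUSTED, NOW) or "OK")
```

An empty result means all three conditions hold; any entry in the list is a reason not to enter your password on that connection.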

Lastly, make sure that the product you are using is being offered by a reputable vendor and that when you are accessing this product, you are actually communicating with that vendor. Be wary of phishing scams and other techniques hackers use to access cloud traffic.

Closing words

Provided you partner with the right service provider, using cloud applications will take care of many of the security challenges you’d face running your applications in-house and on your own servers. However, you should also take care to assess the PCs and networks in your own workplace that you will use to access software from your service providers.