Top 4 tips to secure your business in the cloud

Accountability for security

“Every business using a formally adopted cloud service must have someone who is accountable for managing it as an administrator, monitoring usage, and controlling access. Many common security mistakes we see at companies are preventable. They include not revoking access for terminated employees or configuring only a single administrator account — creating a single point of failure when that employee leaves. It’s important for companies to have robust and timely de-provisioning processes with backups in place for all system administrators,” said Patrick Heim, Head of Trust and Security, Dropbox.

Choose a certified provider that’s committed to customer security

“A major factor in cloud security is ensuring that the chosen cloud provider is committed to customer security. This commitment can be tested by the certifications the provider has – a cloud provider who’s strongly aligned with values of customer trust and security will generally have independently audited certifications such as ISO 27001/27018, AICPA SOC 1/2/3, Cloud Security Alliance STAR, PCI, etc. Other positive security indicators include security bug bounties, penetration tests, red teams, and other third-party scrutiny that demonstrate a cloud provider is going beyond the basics and truly committed to providing a hardened service,” said Heim.

Be smart about passwords

“Using the same password across multiple accounts and online services makes it easy for users to remember login details, but the massive downside is that it may only take one data breach for attackers to access every aspect of a user’s digital life. Hackers are savvy – if they get their hands on stolen log-in information, they immediately test it on popular cloud services, online banks, and other resources. To avoid this, roll out a password management tool such as 1Password, as these services help balance long, complicated passwords with human usability,” said Heim. “At Dropbox, we take password security so seriously that we reimburse employees if they implement 1Password for their personal accounts.”

Implement hardened authentication (beyond passwords)

“Though strong passwords are important, they are not the end-all to protecting online accounts. Using the same password across multiple providers results in far more account compromises than simply using weak passwords. Companies should require employees to use standards-based “SAML” single sign-on and turn on two-factor authentication (2FA) wherever supported,” said Heim.

ABOUT THE AUTHOR

Kristina Knight, Journalist, BA
Content Writer & Editor
Kristina Knight is a freelance writer with more than 15 years of experience writing on varied topics. Kristina’s focus for the past 10 years has been the small business, online marketing, and banking sectors; however, she keeps things interesting by writing about her experiences as an adoptive mom, parenting, and education issues. Kristina’s work has appeared with BizReport.com, NBC News, Soaps.com, DisasterNewsNetwork, and many more publications.