Posted by Kalyani M. on Sep 19, 2013
Small businesses have been somewhat hesitant to switch to cloud service providers, especially after the NSA PRISM program leaks. International backlash threaten many U.S. cloud services, as users are suspicious of governmental citizen espionage. But there are ways for businesses to still leverage all of the cloud’s benefits while securing their data from legal snoops. From better practices onsite to exclusive storage through a secure cloud service, there are plenty of options for SMBs to protect themselves from all sides.
Some businesses are already aware of cloud services that protect user data through strong encryption and zero-knowledge policies, but many still don’t know hot to protect data onsite. Encryption should begin at home through Virtual Private Network (VPN) and TLS (HTTPS) tunnels. Through proactively protecting data before it reaches your secure cloud provider you can ensure that you have all of your bases covered. Don’t let government overreach scare you away from capitalizing on the cloud, with a service that offers data privacy and user anonymity, you can reach the right combination of convenience and security.
Aside from employing a secure cloud and encrypting onsite, there are other ways to help keep your data safe while using the cloud. Gretchen Marx is the manager of cloud security strategy at IBM and recently offered The Guardian six keys steps to protecting your data while using a secure cloud:
1. Know who’s accessing what
People within your organization who are privileged users, – such as database administrators and employees with access to highly valuable intellectual property – should receive a higher level of scrutiny, receive training on securely handling data, and stronger access control.
2. Limit data access based on user context
Change the level of access to data in the cloud depending on where the user is and what device they are using. For example, a doctor at the hospital during regular working hours may have full access to patient records. When she’s using her mobile phone from the neighborhood coffee shop, she has to go through additional sign-on steps and has more limited access to the data.
3. Take a risk-based approach to securing assets used in the cloud
Identify databases with highly sensitive or valuable data and provide extra protection, encryption and monitoring around them.
4. Extend security to the device
Ensure that corporate data is isolated from personal data on the mobile device. Install a patch management agent on the device so that it is always running the latest level of software. Scan mobile applications to check for vulnerabilities.
5. Add intelligence to network protection
The network still needs to be protected – never more so than in the cloud. Network protection devices need to have the ability to provide extra control with analytics and insight into which users are accessing what content and applications.
6. Build in the ability to see through the cloud
Security devices, such as those validating user IDs and passwords, capture security data to create the audit trail needed for regulatory compliance and forensic investigation. The trick is to find meaningful signals about a potential attack or security risk in the sea of data points
Following the six steps laid out above will go a long way in keeping your company’s data safe. Another way that privacy advocates are fighting for your security is in the world of development. Crypton is an open source software project that offers a way for developers to make encrypted cloud-based developments in a collaborative and mobile-enabled environment. According to the Crypton website, “To our knowledge there is no other existing framework that handles all the encryption, database storage and private user-to-user communication needed to build a zero knowledge cloud application.” The company behind this effort to encourage secure app development is SpiderOak, a leader in secure cloud solutions.
Securing Data With SpiderOak
For most SMBs, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave data and private company info wide open to third party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides businesses with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users can tailor the service to fit their needs.
SpiderOak protects sensitive user data with 256-bit AES encryption so that data, files, and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, SMBs can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and enabling a secure mobile workforce.