Data is one of the most prized possessions of the corporate world today. With the adoption of cloud, data security remains one of the top concerns for companies around the globe. The way data is stored, shared, collected, encrypted, searched & archived is critical to its security. The proliferation of mobile devices is also causing security nightmares for companies. A proactive strategy around data protection and security is required to prevent breaches. Here is a look at some of the best practices for data security on the cloud:
1. Data Encryption:
The data that is stored on servers should be encrypted. Sensitive information should be protected at both the software & hardware levels, making it hard for attackers. The US government uses the Advanced Encryption Standard (AES) to protect its classified information.
2. Authorisation:
Any application should be accessed only by authorised users, and stringent measures should be taken to authenticate those users. The authorisation and access control systems must be designed to report any anomalous activity.
3. Privileged Access to Data:
Authorised users of an application should only use the information meant for them; they shouldn't be able to view information that is not related to them. The application should run with, and grant its users, the least privileges needed. Customers should be able to take control of access control and determine what is accessed by users & how.
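One way to enforce the "only information meant for them" rule is to run a deny-by-default check on every record before it is returned. This is an added example, not code from the original article; the tenants, roles, purchase-order fields and the customer-controlled policy table are all hypothetical.

```python
from dataclasses import dataclass
from typing import FrozenSet

@dataclass
class User:
    user_id: str
    tenant: str
    roles: FrozenSet[str] = frozenset()

@dataclass
class PurchaseOrder:
    po_id: str
    tenant: str
    owner_id: str
    amount: float

class AuthorizationError(Exception):
    pass

# Hypothetical customer-controlled policy: which roles may read orders they do not own.
# The customer edits this table; the application never widens it on its own.
TENANT_POLICY = {
    "acme": {"tenant_wide_read": frozenset({"finance", "auditor"})},
    "globex": {"tenant_wide_read": frozenset({"auditor"})},
}

def can_read_order(user: User, order: PurchaseOrder) -> bool:
    """Deny by default: allow only the owner, or an empowered role within the same tenant."""
    if user.tenant != order.tenant:
        return False  # cross-tenant reads are never allowed, whatever the role
    if user.user_id == order.owner_id:
        return True   # a user may always read their own record
    allowed = TENANT_POLICY.get(user.tenant, {}).get("tenant_wide_read", frozenset())
    return bool(user.roles & allowed)

def get_order(user: User, order: PurchaseOrder) -> PurchaseOrder:
    """Application entry point: the check runs before any data leaves the server."""
    if not can_read_order(user, order):
        raise AuthorizationError(f"{user.user_id} may not read {order.po_id}")
    return order
```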
4. Audit Trail of Applications:
Any application with a large number of users is susceptible to misuse and risk. It is essential to have systems in place that keep an audit trail of changes that happen in the system. For example, any activity where purchase orders are approved should be recorded. Usage logs should be maintained to track user activity, log-in details, and an audit trail of what data was changed & when. Proactive notifications about aberrations should be sent to the concerned authorities to strengthen security.
5. Data Transfer over the Internet:
Data that travels over the Internet is liable to be attacked. Information sent over the Internet should be encrypted and sent over secured connections. SSL (Secure Sockets Layer, whose modern successor is TLS) creates a secured communication channel between the web server & the web browser to protect information that travels over the Internet.
6. Session Management:
Sessions are user interactions tracked by the server; they store user information, identity, DB result sets etc. Applications should terminate sessions that are idle, and sessions should expire once the user closes the application, to prevent session stealing. Attackers should not be able to misuse idle sessions to get at account information.
7. Security Best practices for:
a) Unusual activity notifications
Alerts should be sent to users for any unusual activity, such as a log-in from a different IP address, location or browser. The user should be notified of these anomalies immediately.
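The detection behind such alerts can be as simple as comparing each log-in against what the account has used before. This is an added example, not code from the original article; the log lines are constructed sample data and the field names (user, ip, country, ua) are hypothetical.

```python
from collections import defaultdict
from typing import Dict, List, Set

# Constructed sample log-in records (documentation IP ranges, not real hosts).
SAMPLE_LOGINS = [
    "2024-03-01T08:02:11Z user=alice ip=203.0.113.10 country=US ua=Firefox",
    "2024-03-01T09:15:40Z user=alice ip=203.0.113.10 country=US ua=Firefox",
    "2024-03-02T03:41:05Z user=alice ip=198.51.100.7 country=RO ua=Chrome",
    "2024-03-02T10:00:00Z user=bob ip=192.0.2.5 country=US ua=Safari",
]

ATTRIBUTES = ("ip", "country", "ua")

def parse_login(line: str) -> Dict[str, str]:
    """Turn one 'ts key=value ...' line into a dict."""
    ts, *fields = line.split()
    event = {"ts": ts}
    for f in fields:
        key, value = f.split("=", 1)
        event[key] = value
    return event

def detect_unusual_logins(lines: List[str]) -> List[Dict[str, object]]:
    """Return one alert per log-in that uses an ip, country or browser not seen before
    for that account. The account's first log-in only establishes the baseline."""
    seen: Dict[str, Dict[str, Set[str]]] = defaultdict(lambda: defaultdict(set))
    alerts: List[Dict[str, object]] = []
    for line in lines:
        ev = parse_login(line)
        history = seen[ev["user"]]
        first_login = not history["ip"]
        changed = [a for a in ATTRIBUTES if ev[a] not in history[a]]
        if changed and not first_login:
            alerts.append({"user": ev["user"], "ts": ev["ts"], "changed": changed})
        for a in ATTRIBUTES:
            history[a].add(ev[a])
    return alerts
```

In a real deployment the baseline would be persisted per account rather than rebuilt from the log each run.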
b) Session Cookies
Session cookies must only be passed over secured connections, and the session should make use of secured channels throughout. Sensitive information such as passwords shouldn't be stored in cookies.
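The session-management and session-cookie points above fit together: the cookie carries only an opaque id, and the server holds the session data with idle and absolute timeouts. This is an added example, not code from the original article; the timeout values, class names and cookie name are assumptions.

```python
import secrets
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional

IDLE_TIMEOUT = 15 * 60       # assumed: seconds without activity before the session is dropped
ABSOLUTE_TIMEOUT = 8 * 3600  # assumed: hard cap on session lifetime, even if active

@dataclass
class Session:
    user_id: str
    created_at: float
    last_seen: float
    data: dict = field(default_factory=dict)  # server-side only; never sent to the browser

class SessionStore:
    def __init__(self, clock: Callable[[], float] = time.time):
        self._clock = clock  # injectable clock so expiry can be tested deterministically
        self._sessions: Dict[str, Session] = {}

    def create(self, user_id: str) -> str:
        sid = secrets.token_urlsafe(32)  # unguessable id: the cookie carries nothing else
        now = self._clock()
        self._sessions[sid] = Session(user_id, now, now)
        return sid

    def get(self, sid: str) -> Optional[Session]:
        """Return the live session, or None (and delete it) if it has expired."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        now = self._clock()
        if now - s.last_seen > IDLE_TIMEOUT or now - s.created_at > ABSOLUTE_TIMEOUT:
            del self._sessions[sid]
            return None
        s.last_seen = now
        return s

    def destroy(self, sid: str) -> None:
        """Called on logout / application close so the id cannot be replayed."""
        self._sessions.pop(sid, None)

def session_cookie_header(sid: str) -> str:
    """Secure: HTTPS only. HttpOnly: hidden from page scripts. SameSite: not sent cross-site."""
    return f"Set-Cookie: sid={sid}; Secure; HttpOnly; SameSite=Strict; Path=/"
```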
c) Input Validations
All input parameters should be properly validated. Input fields where users enter information such as name or phone number should verify that the data is what is expected. Attackers are known to misuse these input fields by writing SQL queries into them to fetch critical information. Proper input validation prevents these SQL injections.
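The phone-number look-up below shows the two halves of that advice: an allow-list check on the input, and a parameterised query so the value can never become part of the SQL text. The string-built version is kept beside it only to show the defect. This is an added example, not code from the original article; the table, columns and rows are constructed.

```python
import re
import sqlite3
from typing import List, Tuple

# Allow-list: 7 to 15 digits with an optional leading "+" (assumed format).
PHONE_RE = re.compile(r"^\+?[0-9]{7,15}$")

def make_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for a customer database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, phone TEXT, card_last4 TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?, ?)",
                   [("Alice", "+15551230001", "4242"), ("Bob", "+15551230002", "1111")])
    return db

def is_valid_phone(phone: str) -> bool:
    return PHONE_RE.match(phone) is not None

def find_by_phone_unsafe(db: sqlite3.Connection, phone: str) -> List[Tuple[str, str]]:
    # Defect: the user-supplied value is pasted into the SQL text, so the
    # input can change the query's meaning (the classic SQL injection).
    sql = f"SELECT name, phone FROM customers WHERE phone = '{phone}'"
    return db.execute(sql).fetchall()

def find_by_phone_safe(db: sqlite3.Connection, phone: str) -> List[Tuple[str, str]]:
    # 1) reject anything that is not a phone number; 2) bind the value as a
    # parameter, so the database driver treats it as data, never as SQL.
    if not is_valid_phone(phone):
        raise ValueError("phone number must be 7-15 digits with an optional leading +")
    return db.execute("SELECT name, phone FROM customers WHERE phone = ?", (phone,)).fetchall()
```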
8. BYOD Security:
Most companies are still figuring out the best strategy for mobile devices. With the Bring Your Own Device culture, companies now need to devise a strategy for how data should be made accessible. Which data should be transferred from servers to personal devices? What data should users be able to access on their personal devices? When should data be removed from personal devices? These are some of the questions that corporate data governance for mobile devices should address.
9. Disaster Recovery Plan:
Cloud servers need to provide business continuity and data recovery options for businesses. Your cloud hosting should ensure that the data is well backed up and that a good disaster recovery plan is in place in case of an emergency. A secure data back-up plan is crucial for disaster recovery. Data can be backed up to secondary sites over high-speed networks; in case of disasters like earthquakes, floods etc., the back-up data can be used to resume business operations.
10. Physical Monitoring:
The physical location of your cloud servers should be monitored. The area around your data center & servers should be protected & secured. Surveillance should ensure proper logs of movement and restricted access to the data center. The cloud service provider should ensure a compliant & secured environment for your corporate data.
Technology & digitisation are shaping the future, and the way companies use data plays a key role in their success. Whether the data is on premise or cloud based, security threats are always looming. Data breaches, loss and hijacking are threats that businesses need to proactively guard against. Moving to the cloud is inevitable for organisations that are looking for growth; however, they need to prepare themselves with the best security measures to keep foolproof control of their data. Due diligence in protecting your data can help your business mitigate security threats.