Cloud computing - Small business security

Security and the cloud: A small business guide

Michael Marler Cloud

The numerous advantages of moving to the cloud for small business can often be overshadowed by a concern about the security of modern cloud solutions. While security is absolutely a key issue for small business owners, they often mistakenly view cloud solutions as adding significant risk to their business. When implemented correctly, cloud solutions are normally more secure than their on premise counterparts.

When implemented correctly, cloud solutions are normally more secure than their on premise counterparts.

It’s important to remember the basic facts about cloud software. Cloud software is run and managed by a third-party provider and it is in their best interest to keep you, and your information, secure online.

The bottom line is that cloud computing is a very safe and secure method of doing business in 2015. The companies who host your cloud platforms and data go to incredible lengths to prevent data breaches and unauthorised access, employing teams of security experts and consultants to ensure your critical systems are never compromised.

What are the security risks involved when operating in the Cloud?

While cloud solutions are secure on their own, moving to the cloud does present two new security risks that need to be mitigated.

1. Mobility means that unauthorised access can happen anywhere

One of the biggest selling points of cloud is that it allows you to work and access your data from anywhere, at any time. This accessibility also creates a risk that if, somehow, an unauthorised party is able to login to your cloud service they will be able to get the data they want without having to find a way into your offices.

2. Easy collaboration is a great asset, but can become a risk if not managed properly

The cloud makes it incredibly easy for you to share and collaborate within documents and spreadsheets. This often means giving external users (customers, vendors or partners) access to your live documents. Not managing what permissions and access these users have can result in information being accessed without appropriate authorisation.

Both of these issues extend the risks that already exist in your current IT operations and are easily mitigated with some common sense processes and policies. Below we outline some of these simple policies that can save you a whole lot of headaches down the road.

Tips to secure your cloud systems

You can sleep secure in the knowledge that it is highly unlikely for someone to gain access to your data by “hacking” or attacking your cloud provider’s systems. The most likely source of a security breach is always from within – due to weak passwords or disgruntled ex-employees.

Below are some common sense tips to minimise the risk of security issues within your business.

1. Strong Passwords

Your first (and best) line of defence against unauthorised access.

Passwords should be changed regularly, use numbers and symbols and not be left lying around on post-it notes.

2. Access & Permissions

Users only need access to information relevant to their job role.

With simple file and access permissions, it is easy to ensure that users can only access the data they need.

3. Sharing Priviledges

Use policies to prevent your users from accidentally sharing confidential info.

Create a robust set of policies that only allow users to share documents to certain people or use approval workflows for sharing.

Other important tips – Training and Two Factor Authentication

The chain of security is only as effective as its weakest link. Training and processes are vital to keep employees, and their data, as secure as possible. Remember, the best systems in the world can’t protect your data from a security slip up by an IT administrator when resetting a password or a Director’s password being left on a post-it on their laptop.

Additionally, many cloud providers will provide “Two Factor Authentication”. This means that when you log into the service from a new computer, you are prompted to enter a second code AFTER your username and password. This code can either come from a token or an sms to your phone. While not completely bulletproof, its enough to stop a would be attacker from gaining access to a user’s account if the username and password have been compromised.

2FA google apps security policy

The Bottom Line

Technological advancements always come with a trade-off. Whether it is the costs of re-training or additional time spent focusing on mitigating new security risks, the cloud is still a compelling competitive advantage for small businesses everywhere.

Moving to the cloud can be a daunting prospect, but failing to do so means saddling your business with more costs and the potential to fall behind your more agile competitors.

Share this Post