Protecting our data in the cloud requires strategy. As cloud adoption rapidly increases among SMEs (small and medium-sized enterprises) and professionals, we find our business’ core operations effective, efficient and agile, improving our customer service.
We can’t deny that the cloud services offered to us have enhanced our infrastructure. Whilst we are provided with enumerable ways to maximise the resources, particularly for anyone who wishes to venture a new business can scale and reduce their overhead and maintenance costs.
However, as we enjoy the seamless collaboration and business agility, we must also be aware of the security, privacy statements and compliance requirements. Whether we use the cloud for online storage, web hosting or app development, our knowledge (and applying the checklist) to secure our data, will save us from data theft, breaches, and even downtime.
Identification and Authentication – It’s highly recommended to use a formidable authentication method when accessing accounts such as the two-factor authentication from the cloud service. Always remind everyone to use strong passwords for different accounts. Tight security such as using your fingerprint or a digital certificate to prove the person’s right to access any information will also help to secure data. Staff should regularly change their passwords when accessing cloud services and immediately delete users’ accounts after contractual projects are completed.
Cloud Administration – Appoint a competent and technically skilled administrator to oversee the cloud, who understands the basic features. Create policies on accessing accounts when they use it. For the whole department, you may conduct security awareness training to help them establish a good routine in handling data and passwords.
Data Protection – List down the data you want to store in the cloud and assess them regularly especially if these records should be kept there for long-term. You can also make Hong Kong’s Personal Data (Privacy) Ordinance (PDPO) as your reference and avoid sharing data to unintended parties. If you need to give permission to a staff to access your personal data then make sure you regularly check if they still need access. If not, immediately change the user’s accessibility usage.
Service Continuity – Keep a direct and regular communication with your cloud vendor, so you can contact them in case of security issues. You may develop a contingency plan or a business continuity plan as an alternative if by chance your data will be inaccessible. You should always have an exit strategy for termination procedures if you wish to discontinue the cloud services subscription. Most people, who have become cloud dependent, should still always backup your data in the cloud and within their local network.