Putting security front and centre with cloud services
Online security has been big news recently, with a number of high-profile breaches hitting the headlines. Naturally, stories like these affect perceptions of cloud services. As a result, it’s absolutely essential that the brands and businesses involved in offering cloud solutions get security right from the start.
Here are a few areas to consider, to help you do just that.
1. What kind of information will you be collecting from customers?
If it’s already in the public domain, it’s less likely to be of huge benefit to a hacker. If it’s immensely sensitive data, like credit card numbers, a whole new raft of legislation comes into play. Then it might make sense to outsource processing to a PCI-compliant third party.
2. Where will that data be stored?
One of the beauties of the cloud is that your data can be physically stored at centres anywhere in the world. The downside is the patchwork of different privacy laws that then come into play. Some providers will let you segregate yourself into a zone or jurisdiction. Either way, it’s important to understand the implications of any decisions you make around storage.
3. Just how well protected is that data?
Hacking is virtually a fact of life these days. That said, there are plenty of safeguards you can put in place. One of the most effective is regular penetration testing. At BCSG, we use an independent, ethical hacking company to seek out vulnerabilities in our systems. It’s one of the best ways of keeping data as secure as possible in the face of increasingly sophisticated hacking methods.
4. How will you help customers keep their details safe?
There are two important areas where your decisions can help customers better manage their security.
- Passwords: rather than sharing sensitive credentials to help people recover a forgotten password, it’s safer to make them reset it instead. It also helps to enforce the strength of passwords. Hackers can easily access the personal information that people use to set passwords because it’s already in the public domain, e.g. a child’s name or date of birth.
- Limiting access: a common approach to security in the computing world is known as the ‘principle of least privilege’. It means giving users only the access they need to do their job and keeping administrators to a minimum. This approach should be built into the platform’s design.
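The password advice above can be sketched as follows. This is an added example, not BCSG's code: the function names, the 15-minute token lifetime, the 12-character minimum and the in-memory dictionary (standing in for a database table) are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

RESET_TTL_SECONDS = 15 * 60  # assumed lifetime of a reset link
MIN_LENGTH = 12              # assumed minimum password length
_reset_store = {}            # username -> (sha256 of token, expiry); stands in for a DB table


def issue_reset_token(username, now=None):
    """Create a one-time reset token; only its hash is kept server-side."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    _reset_store[username] = (digest, now + RESET_TTL_SECONDS)
    return token  # sent to the user's registered address; the old password is never disclosed


def redeem_reset_token(username, token, now=None):
    """Return True exactly once for a valid, unexpired token."""
    now = time.time() if now is None else now
    entry = _reset_store.get(username)
    if entry is None:
        return False
    digest, expiry = entry
    if now > expiry:
        del _reset_store[username]  # expired tokens are discarded
        return False
    presented = hashlib.sha256(token.encode()).hexdigest()
    if not hmac.compare_digest(digest, presented):
        return False
    del _reset_store[username]      # single use: a replayed token fails
    return True


def password_problems(password, personal_facts):
    """List reasons to reject a password, including publicly known personal details."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    # Compare letters and digits only, so "12/03/2015" also matches "12032015".
    haystack = "".join(ch for ch in password.lower() if ch.isalnum())
    for fact in personal_facts:
        needle = "".join(ch for ch in fact.lower() if ch.isalnum())
        if len(needle) >= 3 and needle in haystack:
            problems.append("contains personal detail: " + fact)
    return problems
```
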
5. How will you build trust?
Trust comes from reassurance and openness. That means talking about what you’re doing, performing a regular risk assessment of assets, showing that you have the right controls in place and encouraging customers to do their bit too. That way you keep security front of mind, while providing the reassurance that people need if they’re to fully engage with your service.
By considering these key areas, and understanding your options, you’ll be in a better position to put security at the heart of your cloud service offering. The final piece in the jigsaw is finding the right partner who’ll take this journey with you. They should already have the strategies, expertise and policies in place to answer these questions thoroughly, safely and effectively.