Cybercriminals try to hack into corporate cloud services every day – an expert shares nine steps to secure your data

Cloud services enable easy access to data and applications from anywhere, the fast and flexible scaling of resources, and cost savings.  Yet in recent years, a number of cases have emerged in which corporate data has been compromised. Is it safe to use cloud services? 

Kaapro Kanto, Vice President, Network & Cloud at DNA Corporate Business, says that the cloud is fundamentally an excellent and secure solution for managing a company's data, as long as it is used correctly. For example, a costly mistake can be made at the service selection stage. 

“For me, it’s a clear red flag if the service provider doesn’t specify how security will be implemented in the service as a whole, or what industry standards it meets. If the overall picture is not clear or the provider cannot provide a comprehensive security description, I would keep looking for another service provider,” says Kanto. 

Kanto also highlights another problem: when a company does not have a standardised process for procurement and management of its services. In other words, there is no holistic plan how various services integrate into a cohesive architecture.

“Unfortunately, you often see all kinds of point solutions in which the same features have in fact been acquired several times via different services. But they’ve simply not been widely adopted and integrated into the company’s cloud architecture. Each new service must be carefully protected, and users must be trained to use them in a way that does not compromise security,” says Kanto. 

Nine steps to safer cloud services

Cloud service providers invest heavily in security and often offer advanced solutions to safeguard their own services. It is vital to deploy these solutions when procuring services. A euro saved on a service licence can easily cost more in the form of higher risks due to inadequate controls. In order to get the basics right, Kanto lists nine things to consider when introducing cloud computing:

1. Risk management: It is important to identify and assess the risks associated with cloud services and specify how you will manage them. For example, does your company have data that can be exported to the cloud or does it depend on cloud operations and connectivity?

2. Assess the service provider: It’s worth choosing a reliable cloud service provider from the outset – one that adheres to strict security standards and offers comprehensive security solutions. Before choosing a service, you should check the service provider's data security practices to ensure that they meet all the requirements and industry standards.

3. Access management: You must be aware of how a cloud service’s user data is linked to your company’s business processes, and ensure that multi-factor authentication is implemented for all users.

4. Online safety: Even if the services are located in the cloud, you should ensure that access is restricted to corporate network solutions. This increases the security of the service by reducing the attack surface. When connections to services are made through a corporate network, it reduces the chance of criminal attacks.

5. Logging and monitoring: The cloud service must implement comprehensive logging practices, and this log should also be monitored. Monitoring will enable you to detect any irregularities early on, before they have a chance to cause significant damage to the company.

6. Information security principles: It is important to establish and maintain clear security policies that cover all aspects of cloud security. This includes access rights management, data encryption, access monitoring and regular information security audits. 

7. Training and raising awareness: Employees should receive preemptive training so that they can identify and avoid security threats such as phishing and malware. It is also important to raise employees’ awareness of potential threats, so they will know the correct action to take. 

8. Backups and recovery plans: In order to minimise risks, it is a good idea to perform regular backups and ensure that your recovery plans are up to date. This will help you to recover your data quickly in the event of data loss or an attack. 

9. Contracts: Up-to-date contracts with clearly defined roles and responsibilities are also important in cloud computing. They ensure that information security is implemented by the right people. It is also important for these contracts to specify how use of a service will be terminated, in which case the data will be transferred and then deleted from the service.

Media enquiries:

Kaapro Kanto, Vice President, Network & Cloud, DNA Plc, tel. +358 (0)40 059 9020, kaapro.kanto@dna.fi
DNA Corporate Communications, tel. +358 44 044 8000, communications@dna.fi