How Do I Secure the Cloud?

Cloud security spending has been growing at an annual rate of 28% according to Forrester Research. By 2021, cloud security spending will be at $3.5 billion. Some of the biggest spenders are the financial and healthcare industries. The Forrester report states, “We expect most companies to look to commercial off the shelf solutions for their cloud security needs.” These off the shelf solutions are becoming more and more available as the cloud security market expands, but not all companies have made the move to secure the cloud. (Cloud security spending to hit $3.5bn by 2021, says Forrester  By James Bourne).

According to Donald Meyer, head of marketing, data center, and cloud security at Check Point Software Technologies,

Healthcare organizations invest a lot of money and time in building out a very robust infrastructure to protect physical networks they own, but when they move to the cloud, they tend not to bring those same technologies over.

Most companies are very strict when it comes to the security of their static physical networks but let their guard down when they move to the far more dynamic cloud networks.

What can healthcare and other industries do to ensure that the cloud is secure? There are some common-sense solutions, tried-and-true best practices, and new technologies that increase cloud security. The human element has always (and will always) be a major security risk factor. The most basic attacks can come from social media and spear phishing campaigns. This is where common sense can be your best friend. Don’t click on anything from an email address that you do not recognize. If you recognize the email address but were not expecting an attachment or link, then don’t click on it. Spoofing an email address is fairly simple, so attackers can pose as anyone from the CEO to a secretary. If you see a suspicious attachment, give the emailer a call and ask about the attachment, just to be safe.

Users should change their password frequently and make it sufficiently complex. We wrote an article last July that discusses password best practices. Users should also ensure that they access the cloud from a secured location. Open Wi-Fi networks can be a cybercriminal’s best friend.

While many hack attempts come from social media and spear phishing, more sophisticated cybercriminals probe the internet for IP addresses that come from cloud providers. They then test for vulnerabilities in security protocols. If they find an opportunity, then they begin planning their attack. To protect against these attacks, a system designer needs to be ever-aware that the security protocols are being designed for the cloud and not a static network. This is important since the best cloud security systems are both dynamic and elastic. Meyer discussed some best-practices for cloud security:

You don’t want something manually intensive because it will slow down the cloud in what it is best used for. So you don’t want to be locked into a technology that will hinder the ability of the cloud to deliver its great benefits, or, at the same time, open you to malware being able to propagate itself within that cloud and potentially find a way to get back into your offices.

Healthcare CIOs and CISOs should be able to see everything from a single point of view for consistent enforcement no matter the location. (The Secret to Cloud Security: Elasticity By Bill Siwicki).

The cloud security industry allows companies to build on the compliance requirements that are already in place for data storage facilities and many cloud providers offer third-party security audits. Those companies that invest in cloud security can take advantage of the numerous benefits of the cloud. First and foremost is the scalability that the cloud offers. The cloud has a low initial investment cost, efficient resource utilization, and usage-based costs.

Moving to the cloud should not be a scary experience. With the proper precautions and the right expertise, your business can transition to the cloud comfortably.