Think you’re secure in the cloud? Think again: here are 6 questions to ask your IT department

Many organisations that choose to store corporate information in cloud environments are doing so under the false assumption that risk and security protocols are all in the hands of their cloud service provider.

Who is responsible for safeguarding corporate information stored in the cloud?

Whilst cloud providers such as Amazon Web Services (AWS) do provide basic security features, the organisation and provider should work together under a Shared Security Model to ensure that sensitive materials are not easily compromised.

What cloud-based applications are even in use at my company?

Take a look at the various app stores on a mobile device or laptop: Facebook, LinkedIn, Twitter, Box, Salesforce, Office 365 and Google for Work are just a few, but how do you know which of these are being used for work purposes?

With the explosion of cloud adoption and BYOD in recent years, traditional IT departments have had to change the way they audit applications and devices on corporate networks.

Are my employees using their own personal devices to access corporate data, even outside of traditional office hours?

Employees can now work from anywhere and on any device. They can submit a proposal on a train or glance at emails over breakfast, and they have 24/7 access to corporate networks. This causes further problems for IT departments, which must now work harder to discover who has access to secure environments.

How can I secure my cloud applications to stop unwanted third parties accessing my sensitive information?

With more and more incidents of password theft being reported, multi-factor authentication is a widely used and accepted form of verifying a person’s identity.

Multi-factor authentication comes in many forms: a code sent to a mobile phone, a physical security token (RSA, YubiKey) or a security question that only the intended recipient would know the response to.

This does not stop all external threats. Cyber criminals are becoming smarter and are now using legitimate credentials to gain access to sensitive information. However, by monitoring user activity, companies can prompt further authentication when something looks suspicious.
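As an added illustration (not from the original article or from any vendor's product), the Python below shows one way to turn user-activity monitoring into a step-up prompt for a sign-in whose password was already correct. The event fields, the three signals and the "two or more deviations" policy are assumptions chosen for the example, and the history is constructed sample data.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class SignIn:
    user: str
    device_id: str
    country: str
    hour_utc: int  # 0-23

# Constructed sample history of successful sign-ins (not real data).
HISTORY = [
    SignIn("alice", "laptop-01", "GB", 9),
    SignIn("alice", "laptop-01", "GB", 14),
    SignIn("alice", "phone-07", "GB", 8),   # e.g. email over breakfast
    SignIn("bob", "laptop-22", "US", 16),
]

def build_baseline(history):
    """Record the devices, countries and hours each user has signed in from."""
    baseline = defaultdict(lambda: {"devices": set(), "countries": set(), "hours": set()})
    for e in history:
        b = baseline[e.user]
        b["devices"].add(e.device_id)
        b["countries"].add(e.country)
        b["hours"].add(e.hour_utc)
    return baseline

def assess(event, baseline, hour_slack=2):
    """Return (decision, reasons) for a sign-in whose password was already correct."""
    seen = baseline.get(event.user)  # .get() does not create a default entry
    if seen is None:
        return "step_up", ["no history for user"]
    reasons = []
    if event.device_id not in seen["devices"]:
        reasons.append("new device")
    if event.country not in seen["countries"]:
        reasons.append("new country")
    # Hour distance on a 24h clock, so 23:00 and 01:00 are two hours apart.
    gaps = [abs(event.hour_utc - h) for h in seen["hours"]]
    if min(min(g, 24 - g) for g in gaps) > hour_slack:
        reasons.append("unusual hour")
    # Assumed policy: one deviation alone (a new phone, say) is allowed;
    # two or more together prompt for a second factor.
    return ("step_up" if len(reasons) >= 2 else "allow"), reasons
```

Logging the returned reasons alongside each decision also gives the access-event record that compliance reporting relies on.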

Companies are now being held accountable for data breaches. How do I ensure my company meets regulatory compliance standards?

There is not a day that goes by without a headline about a high-profile data breach occurring. There are many compliance standards for different industries: SOX, PCI or DSS, for example.

Organisations must be aware of which compliance standards apply to them. Heavy penalties apply if these standards are not met. 

Companies must keep detailed reports of access events, configuration changes, and other critical administrative tasks. Automating this can go a long way towards meeting and simplifying compliance obligations.

Do I have your attention now? It’s what you do next that really matters

Don't just sit idly by thinking these issues do not apply to your organisation.

Gather your IT security team together and take a look at the cloud services and applications that are currently in use, or soon to be used, by your organisation. Develop a roadmap and start gathering actionable intelligence into cloud application usage and methods of detecting suspicious activities before it is too late.

The Adallom cloud application security platform extends the boundaries of enterprise security into the cloud, allowing organizations to secure data, gain actionable intelligence into cloud application usage and detect suspicious activities, without painful network configuration or endpoint changes. 

To get deep, meaningful insights on your users, the data they’re accessing, and their activities in the cloud, click the link to find out more.
