The Cloud Security Alliance recently made updates to the Cloud Control Matrix (CCM), which provides organizations with recommendations of the best methods forcloud backup and security. The CCM was designed specifically to help businesses scrutinize and assess the security protocols and methods of cloud providers. It covers many different aspects including security for hardware and applications, data centers, vulnerability assessment and business continuity. This latest version of CCM was upgraded with five new guidelines: key management and encryption, portability and interoperability, accountability and transparency, mobile security, and supply chain management.
Mobile and BYOD security
“Mobile was a natural area to focus new security best practices on because it’s becoming a popular use case for the cloud,” says Sean Cordero, co-chair of the CCM Working Group that helped develop the new guidelines.
One of the guidelines discusses how to create a clearly defined mobile policy, and how to ensure that all workers are aware of each aspect of the policy. According to Cordero, many organizations do not implement a policy that controls the apps and services that employees can use for company duties from their mobile device.
“This has really sprung up from the organic growth of BYOD (bring your own device),” says Cordero. “An executive wants to use an iPad, but then all of a sudden there are questions. Be clear about what the rules of the game are.”
A clear mobile policy should inform workers exactly what data is to be stored on their devices, what data they are allowed to access from their devices, as well as how this data is secured. It should also cover how cloud services and apps can be accessed from mobile devices, as well as how mobile device management (MDM) tools are delivered though software-as-a-service (SaaS).
Data management in the cloud
Businesses should have awareness of how cloud providers will manage their data. If the cloud provider is working with a third-party vendor, the company should have a clear understanding of this vendor’s data and security policies as well. This falls under the new CSA provision of supply chain management, accountability and transparency.
For example, your business may choose a specific cloud provider to handle various aspects of your data management, but that provider may use a third-party cloud service to handle specific aspects of the service, like online backup or file synchronization. This can be a serious security risk if the company is unaware that the cloud provider is using this third-party vendor. Businesses need to be aware of the entire process during the data sync and transfer to ensure that the data is properly secured the entire time.
The CCM provides security policies designed for companies to protect their data from threats. The full list of CCM guidelines and specs can be found here.
Cloud data backup
Data backup is one of the most critical aspects of cloud computing security. If data is accidentally or maliciously deleted, it can vanish forever in the blink of an eye. Many companies believe that, because their data is stored in the cloud, it is protected from any data loss. However, this is not completely true. There have been instances where users with access to the company cloud accounts have mistakenly deleted data that was not discovered for some time. While most cloud services do provide backup and recovery options, they typically limit the time period during which files can be recovered, and in most cases, it’s no more than 30 days. If the mistaken deletion is not found within this time period, the file is unrecoverable. The same can happen if a hacker is able to breach cloud security and delete data. Or if a disgruntled employee access the account and deletes data in an act of revenge for being fired or disciplined. In other instances, cloud providers could potentially disable cloud accounts for violation of ToS. Even if the violation is a false trigger, in some cases data is unrecoverable.
The solution for small businesses to quickly recover lost data is cloudHQ. The cloudHQ cloud data backup service works by replication between multiple cloud services. Here is a list of all of the best cloud service providers that cloudHQ is compatible with- and more are being added frequently!
The process is simple. Once a business has signed up with cloudHQ, synchronization pairing between two cloud services will be set up. Businesses get to choose which cloud services they wish to use for the sync pairs, which files and folders they wish to replicate and location of backup files. Here are detailed instructions on how to set up cloudHQ with compatible cloud services.
Mobile and data security policies should clearly outline all security implementations to eliminate all potential threats, vulnerabilities and possibilities of data loss. Mobile devices can be lost or stolen, and data compromised. Cloud account security can be breached and data can vanish in the blink of an eye. But with the cloudHQ cloud data backup system churning tirelessly away, creating and protecting a complete secondary copy of all company data, businesses can rest assured that data loss will never be a problem.
- box.build: Q&A with Senad Dizdar, CEO of cloudHQ (developers.blog.box.com)
- How to Select a Cloud Provider Effectively (cloudcomputing.sys-con.com)
- What PCI DSS 3.0 will mean for Cloud Service Providers (CSPs) (thethreatvector.wordpress.com)
- Cloud Provider Due Diligence: Protecting Your Data (slaw.ca)
- Gartner Sees Cloud Security Services Surge (techweekeurope.co.uk)
- AWS Introduces New Cloud Security, Mobile, VDI Services (cyberparse.co.uk)
- How To Manage Your Basecamp Projects Like A Pro (cloudhq.net)
- Cloudfinder Launches Cloud Backup for Salesforce v2.0 (prweb.com)
- What PCI DSS 3.0 will mean for Cloud Service Providers (CSPs) (vormetric.com)
- Cloud Computing: From Its Early Years to Its Current State (eweek.com)