For a small business, storing information on the cloud makes a lot of sense…and dollars. The most common rationale for choosing SaaS is to save money on infrastructure, servers, IT and licensing fees. However, security is a pressing concern in connection with any data that’s out there in the Webosphere.
Hacker attacks are unpredictable and can take a number of damaging forms: data tampering or defacement (the #1 motivation, according to the 2009 Web Hacking Incident Database Annual Report), data theft, and denial of access to online information.
Learning to keep cloud-based business info secure is an essential management survival skill.
Before signing up with an online data storage system, check the Collective Intelligence Framework’s open source sites to see whether (and if so, how often) the cloud company has ever been hacked. This will indicate which service providers to avoid.
Know Who You’re Dealing With
Who’s handling your data? Know exactly who has access to your data and what measures they’re taking to protect it. Request the right to audit so that you can verify that the security practices actually meet the standards spelled out in your contract. Find out what happens to your company’s data once it is no longer needed. Ensure that your SaaS provider is certified in security standards by the International Organization for Standardization. Above all, pinpoint a human being you can hold accountable if security is compromised; responsibility for breaches is all too easily sloughed off and lost in the clouds, so to speak.
Cloud storage providers can be ingenious but they are not infallible. Furthermore, their primary purpose is to facilitate information storage and access, while security concerns may suggest just the opposite. To take a well-known example, Google states in its Terms of Service:
“When you upload or otherwise submit content to our Services, you give Google … a worldwide license to use, host, store, reproduce, modify, create derivative works …, communicate, publish, publicly perform, publicly display and distribute such content.”
In other words, while you technically retain ownership, Google can do pretty much whatever it wants with your info. So consider encrypting highly sensitive client or financial information.
Just as ‘location, location, location’ is the key formula in real estate, ‘backup, backup, backup’ is a simple formula for protecting your cloud data in case of loss or theft. The trusty external hard drive’s life of usefulness is not over yet.
Chain of Fools
Avoid linking your online accounts, otherwise known as “daisy chaining.” The last thing you want to do, in case of a hacker attack, is open the door for the attacker to move through your Amazon account, say, to your email and social media accounts, marauding and pillaging along the way.
Google offers a two-factor authentication system to improve security. When you wish to log into your account, a temporary password is either texted or generated via smartphone app for an extra layer of protection.
Remote Wiping Services – The Dark Side
Use remote wiping services with caution. While in theory these services improve security by allowing you to remotely erase data from your laptop, smartphone or tablet if it is lost or stolen, the reality may be frighteningly different. Hackers can gain access to your wiping service and merrily wipe clean your still-very-much-in-use device. An independent wiping service is safer than one that is part of an SaaS package.
One ingenious tip for protecting password-protected accounts is to simply input fake answers to personal questions of the “What was the name of your elementary school?” variety. Then you’ll have to keep track of all your little white lies, but a password manager/wallet will make quick work of that.
Plan ahead. Put a data theft protection program in place before an attack occurs. Even more useful is preparing an action plan, ready to implement should a determined hacker make his way through all the protection you have in place. Once again, encryption is your best friend. Researchers at MIT are currently developing end-to-end encryption that allows information to be used without ever decoding it, for example, by ascertaining whether two pieces of data are identical. This is an excellent means of protection, as it ensures your data is usable only for your purposes and not for malicious intent.