Cloud security tips: Beware of endpoint vulnerabilities
Think cloud solution security, and most of us think about back-end security.
In fact, all sorts of cloud security questions will come to mind. For example, how secure is the access control and physical surveillance for the data center? Does the data center have strong fault tolerance for its server infrastructure? Does the cloud provider have good encryption and data partitioning technology to shield client data?
Sure, these are all important factors in cloud security, but they leave out one weak point: people, the everyday users of the solution. If users aren’t educated on security best practices for connecting to cloud solutions, your business can be compromised.
Here’s a short list of questions to ask and vulnerabilities to be aware of:
- Is anti-virus and security software installed and maintained on the various devices users rely on to log on to the cloud solution? You can have the best security on the back-end, but if keystroke loggers or other malware latch on at the device level, business data is put at risk.
- In the mobile era, people are logging on to cloud solutions at coffee shops, at restaurants, and on home Wi-Fi networks. It’s important for users to realize that use of an unsecured wireless network is a risk and must be avoided.
- Are users being allowed to set up passwords to cloud solutions that aren’t strong enough? Are they simply repeating the same password they use for other sites?
These are all common, behavior-related vulnerabilities that can be addressed by better education and training.
So, don’t get too wrapped up in the back-end security features of your cloud provider or the co-location data center and forget about these vulnerabilities at the end points.
In some cases, it might take more than user training to protect the end points to the level you want. For example, perhaps some power users should be issued tablets, laptops, or other devices by the company so that IT staff can manage the devices and ensure end point security is rock solid. Perhaps you should work with your cloud solution provider to make it impossible to configure a weak password, or even make it necessary to use two-factor authentication to log on to the system -- a safeguard used by the likes of Microsoft, Amazon, Apple, and many others.
At some companies, access to cloud solutions is being handled through a corporate network infrastructure which then connects to the cloud solution, providing an extra layer of security.
Hackers and other threats will take the path of least resistance. That’s why protecting the end points is so important. The data center used by your cloud provider can have a locked metal cage and a guard protecting the solution’s servers. But if an employee’s device is easy pickings, that’s all it takes to put all of the business’s data at risk.
Bottom line: treat the end points to the cloud as an extension of your enterprise. Make sure your users are educated on the security measures they should be taking, while you take additional safeguards beyond just the training, such as enforcing stronger passwords.
Remember that the cloud model is great for productivity, collaboration and more, but it requires a common-sense approach to security -- at multiple levels.
Do you agree?