used with permission from Microsoft Secure Blog
As cloud computing and the Internet of Things (IoT) continue to transform the global economy, businesses recognize that securing enterprise data must be viewed as an ongoing process. Securing the ever-expanding volume, variety, and sources of data is not easy; however, with an adaptive mindset, you can achieve persistent and effective cloud security.
The first step is knowing the key risk areas in cloud computing and IoT processes and assessing whether and where your organization may be exposed to data leaks. File sharing solutions improve the way people collaborate but pose a serious point of vulnerability. Mobile workforces decentralize data storage and dissolve traditional business perimeters.
SaaS solutions turn authentication and user identification into an always-on and always-changing topic. Second, it’s worth developing the habit—if you haven’t already—of reviewing and adapting cloud security strategy as an ongoing capability. To that end, here are eight key questions to revisit regularly, four of which we dive deeper into below.
Is your security budget scaling appropriately?
Security teams routinely manage numerous security solutions on a daily basis and typically monitor thousands of security alerts. At the same time, they need to keep rapid response practices sharp and ready for deployment in case of a breach. Organizations must regularly verify that sufficient funds are allocated to cover day-to-day security operations as well as rapid, ad hoc responses if and when a breach is detected.
Do you have both visibility into and control of critical business data?
With potential revenue loss from a single breach in the tens of millions of dollars, preventing data leaks is a central pillar of cloud security strategy. Regularly review how, when, where, and by whom your business data is being accessed. Monitoring whether permissions are appropriate for a user’s role and responsibilities as well as for different types of data must be constant.
Are you monitoring shadow IT adequately?
Today, the average employee uses 17 cloud apps, and mobile users access company resources from a wide variety of locations and devices. Remote and mobile work coupled with the increasing variety of cloud-based solutions (often free) raises concerns that traditional on-premises security tools and policies may not provide the level of visibility and control you need. Check whether you can identify mobile device and cloud application users on your network, and monitor changes in usage behavior. To mitigate risks of an accidental data breach, teach current and onboarding employees your organization’s best practices for using ad hoc apps and access.
Is your remote access security policy keeping up?
Traditional remote access technologies build a direct channel between external users and your apps, and that makes it risky to publish internal apps to external users. Your organization needs a secure remote access strategy that will help you manage and protect corporate resources as cloud solutions, platforms, and infrastructures evolve. Consider using automated and adaptive policies to reduce time and resources needed to identify and validate risks.