News

Industries

Companies

Jobs

Events

People

Video

Audio

Galleries

My Biz

Submit content

My Account

Advertise with us

Cloud security tips for SMEs

Information security is top of mind for SMEs as they rely more and more on digital services and applications to get their work done. Many are turning towards cloud services to reduce IT infrastructure costs and to turn patching applications, securing data and running servers into someone else's problem.

While it is true that a good IT cloud service provider will host its applications in a far more secure environment than most SMEs could themselves afford, relying on the cloud does not let you completely off the hook when it comes to securing your data.

In this case, I'll be talking mostly about public cloud services - applications that you buy and use as a service across the public internet rather than managing and hosting them in your own server room. Let's consider two elements of cloud security you should be thinking of as an SME: what your service provider should be doing to protect your data and what you should be doing.

Choosing the right provider

When you're selecting a service provider, you should look for a company that has put a range of processes and policies in place to secure its infrastructure and data from information security risks. Luckily, the data centres at most reputable internet service providers keep these basics covered because it's their core business to do so.

Some examples of the things your service provider should do to protect its infrastructure (and your data) include the following:

  • It should have multi-layered networks, good firewalls and a vast amount of bandwidth so that it can cope with attempted Denial of Service (DoS) attacks;

  • It should also have processes and policies in place to keep all server, application and network software up to date, so that it protects itself from known vulnerabilities;

  • There should be strict access controls - physical and digital - so that only authorised people have access to the data, applications and infrastructure in the data centre;

  • It should conduct regular vulnerability scanning and penetration; and

  • The applications should be designed with best practice in mind.

    How you should keep your data safe

    If you are a user of cloud services it is important to remember that you are accessing this resource through a public network. You probably only have one way to authenticate yourself and that is with a user name and password.

    As such, you should ensure you have a strong password that is difficult to guess, but easy for you to remember. It is just as important to change your password periodically. You must also take care not to let your password fall into the wrong hands.

    You should not have this information in an easily accessible file on your computer, nor should you write it on a sticky note that you paste on your screen where everyone can see it. In addition, you should run good anti-virus and anti-malware software. It may seem that these are the same thing, but they are not. Make sure they are reputable and have the latest updates and definitions installed.

    The next important factor is how you communicate with the cloud. This should always be with a certificate in place. The certificate should be valid for the appropriate vendor of the service, should not be expired, and must be issued by a reputable certificate company.

    Lastly, make sure that the product you are using is being offered by a reputable vendor and that when you are accessing this product, you are actually communicating with that vendor. Be wary of phishing scams and other techniques hackers use to access cloud traffic.

    Provided you partner the right service provider, using cloud applications will take care of many of the security challenges you'd face running your applications in-house and on your own servers. However, you should also take care to access the PCs and networks in your own workforce that you will use to access software from your service providers.

  • About Sven Woxholt

    In his role as Technical Director, Sven is responsible for the technical infrastructure and development of the Sage Pay (formerly Softline Netcash) system within the Sage Group. His key focus is directing his team in the research and development of transactional services offered by Sage Pay. Sven brings extensive experience in the IT and financial sectors and in-depth knowledge in the fields of internet based business solutions and transactional services.
    Let's do Biz