Since the onset of the COVID-19 pandemic, more and more companies have subscribed to public cloud services to support remote and hybrid work arrangements. This means that an increasing amount of company data is being stored in the cloud, where it is exposed to cybersecurity risks. This is why your business must secure its data in the public cloud. Here are four ways you can protect your company data in the public cloud:
● Encryption – makes plain-text information unreadable to anyone who does not possess the decryption key
● Firewall – monitors and filters incoming and outgoing traffic based on a set of security rules
● 24/7 threat monitoring – continuous monitoring of network activity and account behavior to detect and block potential threats
● Incident response – analyzes, investigates, and pinpoints the root cause of potential security issues or suspicious activities
● Disaster recovery – enables quick recovery of cloud-based data and applications to minimize downtime and potential data loss in the event of a disaster
Apply encryption on your end
Encrypting at the file level provides a good foundation for cloud security. This is why, on top of leveraging your CSP’s encryption services, it is best to encrypt your data as well before uploading it to the cloud. You can easily apply encryption using third-party tools.
Roll out an identity and access management program
Avoid having shared user accounts — provide all network users with their own account instead. This enables you to identify and possibly block specific users conducting suspicious activities, such as data exfiltration.
Moreover, provide users access to only the company resources they need to do their job. For example, an entry-level HR employee does not need access to the marketing department’s files. By applying such access restrictions, a data thief who takes over the HR employee's account will only be able to steal the data that employee has access to.
For IT administrators, it is best that they have two user accounts: one privileged account for IT administration and another for their other tasks. An account with administrative privileges can make major changes to the network, so it must not be compromised. One way to safeguard it is by limiting its usage to only IT admin tasks.
Implement password best practices
According to IBM’s Cost of a Data Breach 2021 Report, weak and stolen credentials are the top cause of data breaches. This shows the importance of adopting password best practices, such as using strong passwords. But instead of coming up with a password that contains lower- and uppercase letters, numbers, and special characters, the National Institute of Standards and Technology now recommends using passphrases. A passphrase is a sequence of random, common words that form a nonsensical phrase. Its wacky construction makes it easy for the user to remember but very hard for everybody else to crack. Use a passphrase generator or the Diceware method to create a secure passphrase.
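The Diceware method mentioned above, as an added example that is not part of the original article: each word is picked by dice rolls drawn from the operating system's secure random generator. The 36-word list is constructed for the demonstration and the function names are illustrative; a real Diceware list holds 7,776 words keyed by five dice rolls.

```python
import math
import secrets

# Constructed 36-word sample list (2 dice per word), for demonstration only.
# A real Diceware list has 6**5 = 7776 words, keyed by five dice rolls.
SAMPLE_WORDS = (
    "acorn bagel cabin dune ember fable gecko harp igloo jelly kayak lemon "
    "maple nacho oasis panda quilt raven salsa tulip udder vapor wagon xenon "
    "yacht zebra amber bison cedar dingo eagle fjord grape hazel ivory jumbo"
).split()


def build_table(words):
    """Map dice-roll keys such as '36' to words; list size must be 6**n."""
    dice = round(math.log(len(words), 6))
    if 6 ** dice != len(words) or len(set(words)) != len(words):
        raise ValueError("word list must hold 6**n unique words")
    table = {}
    for i, word in enumerate(words):
        # Write index i in base 6 with digits 1-6, like the faces of a die.
        key = "".join(str((i // 6 ** p) % 6 + 1) for p in reversed(range(dice)))
        table[key] = word
    return table, dice


def roll(dice):
    """Roll `dice` fair dice with the OS CSPRNG (not the `random` module)."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(dice))


def passphrase(table, dice, n_words=6):
    """Pick n_words words, each selected by an independent set of rolls."""
    return " ".join(table[roll(dice)] for _ in range(n_words))


def entropy_bits(list_size, n_words):
    """Entropy when every word is chosen uniformly and independently."""
    return n_words * math.log2(list_size)


if __name__ == "__main__":
    table, dice = build_table(SAMPLE_WORDS)
    print(passphrase(table, dice))
    print(f"sample list: {entropy_bits(len(table), 6):.1f} bits")
    print(f"7776-word list: {entropy_bits(7776, 6):.1f} bits")
```

With the constructed 36-word list, six words give only about 31 bits of entropy; six words drawn the same way from a 7,776-word list give about 77.5 bits, which is why the size of the word list matters as much as the number of words.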
Another password best practice is using a unique password for every account. This way, if one of your passwords gets exposed in a data breach, it cannot be used to access your other accounts or devices.
Since it is difficult to memorize multiple unique passwords, it is best to store them in a password manager. By doing so, you only need to remember one master password to access all of your login credentials.
Finally, enable multifactor authentication (MFA). With MFA, users are required to provide one or more proofs of their identity on top of their password. This prevents unauthorized users from accessing your cloud-based data using stolen login credentials.