If you’ve ever seen the movie Joe Dirt there’s a famous scene where Christopher Walken who plays the character Chem ever-so-wisely states, “The past is past and the future is now.” It’s one of those classic lines that will always live on.
Oddly enough, when it comes to all the business talk about everything (phones, communications, applications, contact centers, business software, etc.) moving to the cloud, the reality really is that it’s no longer in the future, it’s now.
If Cloud is Now, Are You Ready for It?
If your business was ever hesitant to move to the cloud, whether for phone communications or business collaboration and software applications, the concerns over security and control were and are still valid. It may have been the sole reason for not taking the plunge into the modern-era of communications.
After all, if it’s not controlled in your in-house servers, will you be more likely to be hacked? Will you be more likely to lose data? Will you be more likely to get a virus on your network?
However, more and more popular business applications do reside and operate from the cloud, and successfully too. Just think popular CRMs such as Salesforce and Oracle to everyday business software such as Microsoft Office 365.
Plus, beyond day-to-day office and business applications, businesses can now manage networks and security threats in cloud-based software which allow monitoring and control from anywhere at anytime 24x7/365. Add in online software-defined data storage platforms like DataCore and well… you get the picture.
So, if the future is now and we’re partaking in the cloud-based age of business communications, infrastructure, and processes are we off the hook in our concerns with data hacking, viruses via email phishing, or some network vulnerability?
I mean, we’re protected now right?
Not exactly, because while the cloud is someone else’s server, it’s our data and it still is used locally.
That’s why it’s all the more important to protect your business on the ground with best practices that also protect your data no matter where it’s located.
Specific Policies and Procedures
First you should have specific policies and procedures clearly defined for employees to follow that ensure your company is dealing with specific attacks on your data or network.
If you do not have policies in place already, you need to begin the process of building these policies by delegating this to a champion within your organization or a qualified third party immediately. If you’re unsure of who to contact for assistance, ask a trusted consultant such as Converged Technology Professionals for advisement and qualified guidance.
Remember, if your employees do not know what the policy is then they cannot address security issues in a preventative way.
Maintain involvement in the process
You cannot just delegate this process and move on. You need to formalize your involvement in the process. The Economist Magazine found in a study that just the involvement of senior executives in cybersecurity would reduce major cybersecurity incidents by 35%. This is without spending any money.
The importance of this alone cannot be overstated.
Make sure your cloud vendor really is as secure as they say they are. If you’re unsure how to find a reputable vendor, reach out to a consultant such as ourselves that works with businesses to ensure proper network and security best practices including proper infrastructure are set up properly.
Treat your Data as if It’s Local
You should still treat your data as if it is local. What does this mean? Sure, your cloud-based system is protected and has strong security. But that doesn’t mean you still won’t have your own in-house protections.
- This means strong passwords for everyone. Do not leave this to chance.
- Do your cloud-based systems have encryption? You should still have your own locally controlled encryption.
- Your cloud vendor is backing up your data. But you should keep doing locally controlled backups that are stored off-site.
- Create policies about employees storing data locally on laptops, mobile phones, tablets or anywhere else.
Remember sometimes attacks go for the cloud vendor and get your data in the process. Have your own protection and keep it up to date. That’s why we always offer our WeVault backup and data storage services to all our customers should you ever need to restore your data.
Proper Backup and Retrieval Solutions
Should data loss occur, or your network become compromised due to a virus, you want more than just a regular backup data set. You want a full roll back to a specific point in time.
Companies like DataCore, of whom we are a partner, include advanced data monitoring and system roll back.
Ensuring Regulatory Concerns
Some industries have stricter regulatory requirements regarding privacy, data storage and archiving, communication encryption, etc.
What are your regulatory concerns? Make sure that all of your cloud vendor’s systems comply with any regulatory regimes you have to work with GDPR, HIPAA, Sarbanes/Oxley, or PCI. You should have definitive statements of compliance and auditing with any of these that you currently deal with or that your supply chain is involved with.
Never give up control.
No matter how much of your work is given up to third parties be it vendors or consultants, you are ultimately responsible. You should have your fingerprint on every part of your security strategy and policy, even if it’s advice provided by a consultant, you need to be aware.
If you’re unsure about something, ask. No vendor or consultant should be too busy to answer serious questions on these serious issues.
Using these strategies will move you closer to keeping your data and network safe from unwanted attacks, data loss, or downtime. At the end of the day choosing to avoid moving to the cloud isn’t the answer to your security woes.
Whether using business communications and applications in the cloud or on-site, the unwanted still happens. It’s up to you to be prepared no matter what.