
Cloud security tips for SMEs

Information security is top of mind for SMEs as they rely more and more on digital services and applications to get their work done. Many are turning towards cloud services to reduce IT infrastructure costs and to turn patching applications, securing data and running servers into someone else's problem.

While it is true that a good IT cloud service provider will host its applications in a far more secure environment than most SMEs could themselves afford, relying on the cloud does not let you completely off the hook when it comes to securing your data.

In this case, I'll be talking mostly about public cloud services - applications that you buy and use as a service across the public internet rather than managing and hosting them in your own server room. Let's consider two elements of cloud security you should be thinking of as an SME: what your service provider should be doing to protect your data and what you should be doing.

Choosing the right provider

When you're selecting a service provider, you should look for a company that has put a range of processes and policies in place to secure its infrastructure and data from information security risks. Luckily, the data centres at most reputable internet service providers keep these basics covered because it's their core business to do so.

Some examples of the things your service provider should do to protect its infrastructure (and your data) include the following:

  • It should have multi-layered networks, good firewalls and a vast amount of bandwidth so that it can cope with attempted Denial of Service (DoS) attacks;

  • It should also have processes and policies in place to keep all server, application and network software up to date, so that it protects itself from known vulnerabilities;

  • There should be strict access controls - physical and digital - so that only authorised people have access to the data, applications and infrastructure in the data centre;

  • It should conduct regular vulnerability scanning and penetration testing; and

  • The applications should be designed with best practice in mind.

How you should keep your data safe

If you are a user of cloud services it is important to remember that you are accessing this resource through a public network. You probably only have one way to authenticate yourself and that is with a user name and password.

As such, you should ensure you have a strong password that is difficult to guess, but easy for you to remember. It is just as important to change your password periodically. You must also take care not to let your password fall into the wrong hands.

You should not have this information in an easily accessible file on your computer, nor should you write it on a sticky note that you paste on your screen where everyone can see it. In addition, you should run good anti-virus and anti-malware software. It may seem that these are the same thing, but they are not. Make sure they are reputable and have the latest updates and definitions installed.

The next important factor is how you communicate with the cloud. This should always be with a certificate in place. The certificate should be valid for the appropriate vendor of the service, should not be expired, and must be issued by a reputable certificate company.
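The three certificate checks described above can be automated. The following Python sketch is an added example, not part of the original article; the hostnames, the sample certificate and the `trusted_issuers` allowlist are constructed assumptions that you would replace with your own vendor's details.

```python
import socket
import ssl
from datetime import datetime, timezone

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns (not a real certificate).
SAMPLE_CERT = {
    "issuer": ((("organizationName", "Example Trusted CA"),),
               (("commonName", "Example Trusted CA R1"),)),
    "notAfter": "Jun  1 12:00:00 2030 GMT",
    "subjectAltName": (("DNS", "app.vendor.example"), ("DNS", "*.cdn.vendor.example")),
}

def fetch_cert(host, port=443, timeout=5):
    """Fetch a live certificate; the default context already rejects untrusted
    chains, expired certificates and hostname mismatches with an ssl.SSLError."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def name_matches(pattern, host):
    """Exact match, or a '*.' wildcard covering exactly one left-most label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def check_cert(cert, host, trusted_issuers, now=None, warn_days=30):
    """Return a list of problems; an empty list means all checks passed."""
    now = now or datetime.now(timezone.utc)
    problems = []
    # 1. Valid for the vendor: the host must appear in the certificate's DNS names.
    dns_names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(name_matches(n, host) for n in dns_names):
        problems.append("name mismatch")
    # 2. Not expired (and flag certificates close to expiry).
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    if expires <= now:
        problems.append("expired")
    elif (expires - now).days < warn_days:
        problems.append("expires soon")
    # 3. Issued by a CA you expect this vendor to use (allowlist is an assumption).
    issuer = dict(pair for rdn in cert.get("issuer", ()) for pair in rdn)
    if issuer.get("organizationName") not in trusted_issuers:
        problems.append("unexpected issuer")
    return problems
```

Against a live service, pass the result of `fetch_cert("your-vendor-hostname")` to `check_cert`; a lookalike domain shows up as a name mismatch even when its certificate is otherwise valid.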

Lastly, make sure that the product you are using is being offered by a reputable vendor and that when you are accessing this product, you are actually communicating with that vendor. Be wary of phishing scams and other techniques hackers use to access cloud traffic.

Provided you partner with the right service provider, using cloud applications will take care of many of the security challenges you'd face running your applications in-house and on your own servers. However, you should also take care to assess the PCs and networks in your own workforce that you will use to access software from your service providers.

About Sven Woxholt

In his role as Technical Director, Sven is responsible for the technical infrastructure and development of the Sage Pay (formerly Softline Netcash) system within the Sage Group. His key focus is directing his team in the research and development of transactional services offered by Sage Pay. Sven brings extensive experience in the IT and financial sectors and in-depth knowledge in the fields of internet based business solutions and transactional services.