Adopting the cloud into your enterprise can seem like a daunting task. There are so many options and factors to take into consideration, it’s easy for even the most experienced IT pro to pass over basic points when focusing on the more complicated issues. This slideshow features eight best practices from Evolve IP that you should keep on your check list when moving to the cloud.
Click through for eight best practices to keep in mind when adopting cloud services, as identified by Evolve IP.
Cloud service subscription policy
Create a policy around cloud services in your employee handbook that prohibits users from signing up for business-related cloud services at an individual level. Instead, subscribe at the organizational level so your IT staff can manage all accounts. This does two things: It protects the organization from a security perspective and it helps ease administration of content control.
Public vs. private cloud
If you or your IT staff are not thoroughly familiar with the differences between public and private cloud computing, you need to be. They each have pros and cons, but you need to be aware of security implications should your organization decide to use public computing for private, sensitive or mission-critical applications.
Service provider security policy
Make sure your service provider supplies information on their security policies. Ensure they follow an OWASP or PCI DSS-type security framework to mitigate and remediate security vulnerabilities.
If your organization’s password policies are weak, you’ll be even more vulnerable in the cloud. Make sure you implement a strong password policy with random, long, alphanumeric passwords that change on a regular basis. More complex passwords are obviously harder to crack.
In many cases users access the cloud through a Web browser. Make sure users employ strong client-security tools, where applicable, and that your browsers are up-to-date and protected from exploits.
If you are using cloud storage services for sensitive data, make sure you are encrypting the data, particularly if using public cloud storage.
Cloud provider architecture
Ensure that you thoroughly understand a cloud provider’s architecture and how it applies to your organization’s objectives and security policy. Make sure to ask questions about how the company operates, their offerings, and how it applies to your company.
The fastest growing way users are accessing the cloud is through their mobile devices. No matter how secure your cloud app/data is, if your mobile device security strategy is poor, you are at risk. Have your IT staff implement and install mobile security features on user devices.