Friday, January 29, 2016

Blog 7: Cloud Security with Diversity of Defense

Image courtesy of ddpavumba at FreeDigitalPhotos.net
In my effort to increase security awareness and obtain a cultural acceptance, I wanted to bring a focus on the use of cloud-based solutions for storing data and on security measures to consider that could assist in reducing some associated risks.

As we use different devices to obtain our data, the ability to utilize cloud-based storage, like OneDrive, Google Drive, and Dropbox, seems to have become a useful convenience for some. The convenience resides in the fact that you can have instant access to your data, anytime, and anywhere you have an Internet connection. Even more, some providers let you share your data with team members of your choice, which provides an incredible opportunity for collaboration. However, what if your data is being shared with individuals who are not a part of your team? What steps can you take to protect the information and confidentiality of your data?

First of all, a 100% protected and safe cloud-based system and environment, more than likely, does not currently exist (none that I have seen thus far). Additionally, consumers must accept that risk does exist with the use of these systems, so cloud solutions may not be for everyone. In fact, many businesses have policies that strictly prohibit the storage of company data within cloud-based storage systems. Even so, measures can be taken to increase the level of security, thus reducing risk, to bring a feeling of comfort when utilizing the cloud as a storage location for your data. However, never go against your company policies, even if you implement security measures to protect the data. Policies put in place by your organization are MANDATORY and must be adhered to at all times. With that being said, let's focus on security measures for the data you own or have explicit permission to store within a system of your choice.

The first security measure to consider when storing data within the cloud is fairly simple to implement and is called password management. Make sure you have a secure and hardened password in place. Even more, be sure to change this password on a frequent basis. A useful tool to assist in this process is a password manager, such as LastPass, Dashlane, or 1Password, just to name a few. These programs can provide you with a means of changing, tracking, and hardening your associated passwords.

Another measure to consider, which corresponds with your password, is multi-factor authentication. By implementing this alongside a hardened and frequently changing password, you are creating what is known as diversity of defense. Diversity of defense is a layered approach to security and protection. To illustrate, if a malicious user were to discover your hardened password, prior to your next scheduled change, they would not be allowed to log into your cloud-based account without having possession of the device you selected to receive the pass code when you implemented multi-factor authentication. This, in effect, provides an additional layer of protection for your data, as well as a notification that helps you take immediate action if you receive a pass code but were not attempting to log into the system yourself.

Lastly, and extremely important, is encrypting your data. Even though you have applied diversity of defense with a hardened password and multi-factor authentication, encrypting your data provides one more layer for that "just in case" situation. For example, if, for some reason, a malicious user were able to obtain your associated password, as well as the multi-factor pass code, your cloud-based storage account could be accessed (breached). However, if you have an encryption solution implemented, such as Sookasa, the data residing within would be unreadable and therefore useless to the malicious user.

Cloud-based computing is an exciting and convenient opportunity for data access and sharing that you should not fear. If you put forth the due diligence and put layers of security in place, you can enjoy the freedom to access your data from anywhere you have Internet access, with the comfort of knowing you have several measures in place to protect the confidentiality of your data.

Thank you for reading! Until next time, remember that you don't have to become a victim of a threat to become aware of a threat!
