How SMART Businesses Keep Their Cloud Data From Falling Into the Wrong Hands

Cloud computing is a normal part of today’s business landscape. In fact, in a recent poll of IT and business executives by Harvard Business Review and Verizon, 84 percent of respondents said they increased their use of cloud services in the past year-- 39 percent said they had “increased significantly.” However, with more users accessing cloud data, business owners must be mindful of employee permissions.

This kind of security oversight is known as role-based access control. While role-based access control has always been a major component of network security, for some reason (perhaps due to the cloud’s ease-of-use), user permissions can be overlooked when it comes to cloud computing.

With a traditional, in-house IT infrastructure, user permissions and other aspects of network security are overseen by an in-house IT staff member or your trusted IT guru. The advantage of having an in-house network is that your IT technician is familiar enough with the company to know who the users are, along with their roles within the organization (this is especially the case for small businesses). With cloud computing, security oversight is often outsourced to the cloud provider, who may not know every user or understand what their roles are within your company’s organizational structure.

To be clear, we’re by no means advocating against outsourced network security. Instead, we want to raise the concern of not blindly rushing into a cloud computing service without first properly vetting its security measures. For example, you’ll want to make sure that your cloud computing solution gives you enough control that you can implement different levels of access to sensitive data based on the roles within your company. Doing so will require you or an administrator within your company to set these parameters, or maintaining a relationship with your cloud provider so they can understand the role-based access control needs of your business.

NetworkComputing explains:

When you have employees with different roles in your company, access control is a key feature that can help ensure basic cloud administrative security. You’ll need to exercise caution to prevent credentials from being compromised, and to ensure menial errors don’t spoil your day. Implementing robust and powerful access control is important to protect company resources.

Additionally, you’ll want to implement ways for the information that one’s granted access to (due to their role) to only be seen by them, and not shared with others who have no business accessing it. For example, in-house IT workers have access to more information than the average worker, much of which is sensitive in nature. Despite this, according to a recent study by Intermedia and Precision Sample, IT workers are 10 percent more likely than non-IT staff to give away their login credentials for superfluous reasons.

What precautions do you have in place to prevent scenarios like this from happening? One extra layer of protection you can add to your cloud service is two-factor authentication. This will mandate another form of authentication, like a text message or phone call, in order for the user with the proper role to access the information they need. A security solution like this will make it much more difficult for a user to exchange account information with those outside of their roles.

The many benefits of cloud computing are obvious, which is why enterprise-level cloud services are growing so rapidly. For something this critical to the success of your operations, however, you need a provider that understands your industry and the many IT challenges it faces. For 25 years, SMART Services has provided hundreds of independent agencies and small businesses like yours proactive, fast and expert technology services. Our myAGENCYcloud and myBUSINESScloud services offer a complete, state-of-the-art cloud solution and reflect our passion for technology and our commitment to keep your business needs first.

Give us a call today at (586) 258-0650. We'll make the move to the cloud easy.