This advisory article focuses on cloud security for SMEs.
Every organization currently focuses on cloud technology to quickly and efficiently take on new business opportunities. Given that an important part of IT control is being handed over, it is vital to draw attention to two fundamental security aspects: guaranteeing the identity of your employees and curbing the uncontrolled use of cloud applications, the so-called “Shadow IT.”
The lion’s share of corporate network breaches stems from weak passwords and identity theft. It is therefore crucial not only to think carefully about a good policy on identity and access management (IAM), but also to implement it.
A first way to mitigate current risks associated with the use of passwords is multi-factor authentication (MFA). The verification of a time-bound numerical code, or a request for confirmation via a “push notification” on the employee’s smartphone, allows you to establish an identity unambiguously.
A second security measure is single sign-on, SSO for short. This is a solution where security, as well as ease of use, is paramount. Frequently entering authentication data in different applications is often too time-consuming and is the most important reason why end users are careless with their access data. We often see the same password used on dozens of stand-alone applications, rarely or never renewed, or even written down on paper as a reminder. With single sign-on, you can limit these risks while ease of use prevails.
The employee has also found his way to the cloud. The speed with which new cloud-based applications present themselves is enormous. They continuously offer new answers to the current challenges in the workplace and, for that reason, make the working day run much more efficiently. However, this speed implies that the use of these applications is often not initiated by the IT team. It is, therefore, a considerable challenge to find out where company-sensitive information is stored.
An analysis of cloud use offers outstanding added value here. By placing a sensor in the network, we have the option of creating a clear report of the applications that are used within the business context. Based on this report, a permanent filter can be chosen for the use of cloud applications. The intention is not to limit the possibilities of cloud technology for the end user, but rather to redirect that use to trusted, secure applications.
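One way such a cloud-use report could be built from sensor data, as an added example that is not part of the original article. It assumes a hypothetical record format (timestamp, user, destination host, bytes sent) and a hypothetical application catalog; every record and domain below is constructed.

```python
from collections import defaultdict

# Constructed sensor records: "timestamp user dest_host bytes_sent".
# The format and all values are made up for this example.
SAMPLE_LOG = """\
2024-03-04T09:12:01Z alice files.sanctioned-drive.example 18230
2024-03-04T09:14:44Z bob upload.quickshare.example 5242880
2024-03-04T09:15:10Z carol api.sanctioned-crm.example 4096
2024-03-04T09:20:31Z bob upload.quickshare.example 1048576
2024-03-04T09:21:05Z dave notes.scratchpad.example 20480
2024-03-04T09:30:00Z alice upload.quickshare.example 2097152
malformed record
"""

# Hypothetical catalog: domain suffix -> (application name, approved by IT?)
CATALOG = {
    "sanctioned-drive.example": ("Sanctioned Drive", True),
    "sanctioned-crm.example": ("Sanctioned CRM", True),
    "quickshare.example": ("QuickShare", False),
}

def classify(host):
    """Match a host by domain suffix; hosts not in the catalog count as unapproved."""
    host = host.lower().rstrip(".")
    for suffix, entry in CATALOG.items():
        # Require a label boundary so look-alike domains do not inherit approval.
        if host == suffix or host.endswith("." + suffix):
            return entry
    return (f"unknown ({host})", False)

def shadow_it_report(log_text):
    """Aggregate users, requests and uploaded bytes per unapproved application."""
    usage = defaultdict(lambda: {"users": set(), "bytes_sent": 0, "requests": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip records that do not match the assumed format
        _, user, host, sent = parts
        app, approved = classify(host)
        if approved:
            continue
        usage[app]["users"].add(user)
        usage[app]["bytes_sent"] += int(sent)
        usage[app]["requests"] += 1
    # Largest outbound volume first: that is where company data most likely went.
    return sorted(usage.items(), key=lambda kv: kv[1]["bytes_sent"], reverse=True)

if __name__ == "__main__":
    for app, s in shadow_it_report(SAMPLE_LOG):
        print(f"{app}: {len(s['users'])} users, {s['requests']} requests, {s['bytes_sent']} bytes sent")
```

Sorting by bytes sent puts the applications receiving the most company data at the top, which is where a decision about filtering or redirecting to a trusted alternative matters most.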
Finally, setting up a good e-mail filter also remains essential. In addition to your data, your employees are your most important asset. Unfortunately, not everyone has the knowledge to detect a social engineering attack. Social engineering is a technique that hackers use to collect information. They present themselves as someone else. This can be done via phishing, USB dropping, mystery visits and more. It is highly recommended to arm your end users against this through regular training. In addition, it is crucial to provide a specialized gateway to combat the increasingly intelligent spam, phishing and malware campaigns, even when your e-mail service is delivered from the cloud.