4 ways SMBs can im­prove se­cu­rity through cloud

Small and mid­size firms are vo­ra­cious users of cloud ser­vices; a few pre­cau­tions can make their businesses even more se­cure

InformationWeek - - Contents - ROBERT LE­MOS

Small and mid­size firms are vo­ra­cious users of cloud ser­vices; a few pre­cau­tions can make their businesses even more se­cure

mall and mid­size businesses (SMBs) have ma­jor prob­lems deal­ing with their in­for­ma­tion tech­nol­ogy: Rarely does a small busi­ness have an em­ployee ded­i­cated to IT and, when it does, the per­son has lit­tle time to pay at­ten­tion to se­cu­rity.

Yet the se­cu­rity of SMBs has be­come a mount­ing con­cern. While at­tack­ers are in­creas­ingly fo­cus­ing on small businesses, only 10 per­cent of businesses with 250 em­ploy­ees or less have a full-time IT ad­min­is­tra­tor, ac­cord­ing to a 2012 study con­ducted by Sy­man­tec and the Na­tional Cy­ber Se­cu­rity Al­liance. The study found that nearly 70 per­cent of com­pa­nies did not even have an in­for­mal In­ter­net se­cu­rity pol­icy or pro­vided their em­ploy­ees with se­cu­rity train­ing.

Man­ag­ing 100 or 1,000 desk­tops and a hand­ful of servers, in­for­ma­tion­tech­nol­ogy man­agers at smaller firms find them­selves drawn to cloud ser­vices for their ease of use, but are fre­quently un­cer­tain at how to pro­tect their sys­tems or data, says John Howie, Chief Op­er­at­ing Of­fi­cer for the Cloud Se­cu­rity Al­liance. “The aver­age small or [mid­size] busi­ness cares that their sys­tem is se­cure, but they don’t have the time or the re­sources to en­sure that they are se­cure,” he says.

In this con­text, here are four sug­ges­tions given by cloud providers for SMB ex­ec­u­tives and man­agers to keep their businesses safe:

For the most part, soft­ware-as-a-ser­vice providers will help SMBs of­fer their em­ploy­ees the busi­ness ser­vices they need while tak­ing care of most se­cu­rity con­cerns

1 RELY ON CLOUD FOR EX­PER­TIZE

While some mid­size businesses have enough se­cu­rity ex­per­tize to move their sys­tems to the cloud as part of a more hands- on in­fras­truc­tureas-a-ser­vice op­tion, for most SMBs soft­ware-as-a-ser­vice works best, says Carson Sweet, Co-founder and CEO of CloudPas­sage, a cloud se­cu­rity provider.

“It’s a great op­tion be­cause, if they don’t need the flex­i­bil­ity, it takes a huge amount of re­spon­si­bil­ity off of their plate,” Sweet says.

For the most part, soft­ware-as-aser­vice providers will help SMBs of­fer their em­ploy­ees the busi­ness ser­vices they need while tak­ing care of most se­cu­rity con­cerns. In most cases, SMBs should not be run­ning e-mail, file, or web servers un­less the ser­vice is a dif­fer­en­tia­tor for their firms, the CSA’s Howie says. In­stead, com­pa­nies should ben­e­fit from the se­cu­rity ex­per­tize of cloud ser­vices.

“Don’t try to run that stuff in­house be­cause chances are that you will ex­pose yourself to data theft or data loss,” he says. “Out­source all that headache to the cloud and the cloud provider, and they will do a bet­ter job.”

2 IN­TER­RO­GATE YOUR CLOUD PROVIDER

In that vein, SMBs have al­ready taken to cloud ser­vices, whether by choice or be­cause em­ploy­ees have jumped on the band­wagon with­out con­sult­ing man­age­ment. About six out of ev­ery 10 SMBs uses cloud ser­vices, with the aver­age spend­ing reach­ing 12 per­cent of the in­for­ma­tion-tech­nol­ogy budget, ac­cord­ing to IT tools maker and com­mu­nity hub Spice­works.

Yet, be­fore sign­ing on with a cloud provider, prospec­tive cus­tomers should do their due dili­gence, says Joel Smith, Chief Tech­nol­ogy Of­fi­cer and Co-founder of Ap­pRiver, a provider of cloud ser­vices for SMBs.

“It would be very sim­ple for any size com­pany to do a due-dili­gence check list,” he says. “The ques­tions can be asked in a way that you can tell if the provider knows what they are do­ing, and you can tell if they have thought these [se­cu­rity] things through.”

A good start is the Shared As­sess­ments pro­gram, which stan­dard­izes the process for ven­dor as­sess­ments and has a free man­ual (PDF) avail­able for as­sess­ing cloud providers.

3 E-MAIL AND WEB SE­CU­RITY: NO BRAIN­ERS

A group of ba­sic busi­ness ser­vices should be con­sid­ered a no-brainer for most SMBs: e-mail, web host­ing, and file-shar­ing ser­vices, say cloud providers.

“Given that cloud providers are very good at run­ning very se­cure in­fra­struc­ture, you are prob­a­bly bet­ter off go­ing to the cloud for sim­ple work­loads, such as e-mail, doc­u­ment col­lab­o­ra­tion, uni­fied com­mu­ni­ca­tion, telep­res­ence, and CRM,” Howie says. “If I were start­ing up a small busi­ness, there is no way I would con­sider hav­ing on-premise IT any­more for e-mail or doc­u­ment col­lab­o­ra­tion.”

Cloud providers are able to pro­vide e-mail in­fra­struc­ture with anti-virus and anti-spam fil­ter­ing for about half the cost of hav­ing an in­house server, ac­cord­ing to Ap­pRiver’s Smith. And web se­cu­rity, by us­ing a cloud proxy ser­vice, can stop em­ploy­ees be­fore they get in­fected by go­ing to a ma­li­cious web­site.

“Do a quick, broad check of your traf­fic to make sure that your users don’t go to com­pro­mised web­sites in the first place,” Smith says. “We have plenty of sce­nar­ios where a cus­tomer signs up and they find that they are com­pro­mised and they didn’t know.”

Fi­nally, com­pa­nies should look at aug­ment­ing the se­cu­rity of busi­ness ser­vices with additional cloud se­cu­rity. Vul­ner­a­bil­ity-man­age­ment providers that fre­quently scan web­sites for flaws and web ap­pli­ca­tion fire­wall ser­vices that block at­tacks on com­pa­nies’ web­sites are ex­am­ples of ser­vices that can help a com­pany de­fend its borders.

4 AC­CESS MAN­AGE­MENT, BACK­UPS: DE­PENDS

Two businesses ser­vices that can work in the cloud but may not be a slam-dunk for smaller firms are ac­cess man­age­ment and au­to­mated back­ups.

Ex­ter­nal ac­cess-man­age­ment ser­vices — such as Win­dows Azure Ac­tive Di­rec­tory — are gen­er­ally not de­signed for in­ter­nal de­vices but for man­ag­ing ex­ter­nal ac­cess to cloud re­sources. For that rea­son, keep­ing Ac­tive Di­rec­tory in-house is eas­i­est.

Stor­ing back­ups in the cloud ben­e­fits from all the other ad­van­tages of cloud ser­vices, such as the ex­per­tize con­cen­trated at the cloud provider and the fact such back­ups are au­to­mat­i­cally taken off-premise — a key se­cu­rity re­quire­ment of a good backup strat­egy. How­ever, even small com­pa­nies can cre­ate mas­sive amounts of data, which can make cloud back­ups slow and data restora­tion even slower.

Yet that de­pends on the ser­vice provider, ar­gues Piyum Sa­ma­raweera, Di­rec­tor of prod­uct man­age­ment for on­line backup provider Car­bonite. The com­pany has come up with its own strat­egy to get around band­width lim­i­ta­tions: The com­pany re­stores data needed most by the client first and then com­pletes the process as quickly as pos­si­ble. If the com­pany needs all the data as soon as pos­si­ble, Car­bonite will overnight the in­for­ma­tion on phys­i­cal me­dia.

A large part of the process is giv­ing the best sup­port, Sa­ma­raweera says.

“If they have a cat­a­strophic event that deletes crit­i­cal data, we ad­vise the client on the quick­est way for them to get back the data,” he says. “We walk them through the process of bring­ing the data back to the com­puter.”

Given that cloud providers are very good at run­ning se­cure in­fra­struc­ture, SMBs are bet­ter off go­ing to the cloud for sim­ple work­loads, such as e-mail, doc­u­ment col­lab­o­ra­tion, uni­fied com­mu­ni­ca­tion, telep­res­ence and CRM

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.