Cloud Security for Small and Medium scale Enterprises

cloud security

Cloud Computing

Cloud computing is a buzzword for computers in the cloud where thunderclaps and rain falls… just kidding. The concept of cloud computing is not far from its literal meaning. It is a clustered set of computers brought together like rain drops to form a “computing cloud”. Some notable features of bringing such computers together will be to use their collective computing power for faster processing (to do more), shared storage to store more and shared networking for ease of communication.

Features of Cloud Computing

The US National Institute of Standards and Technology (NIST) says that cloud services have common characteristics as follows:

  1. On-demand self-service: this is akin to a cloud resource buffet where you can serve yourself… If you need a server, just click a button and there you’ve it.
  2. Broad network access: the cloud services are only available over the network which could be internal to your company, or over the internet.
  3. Multi-tenancy and resource pooling: think of it as renting a room for an allocated amount of time. If you desire to own more of the resource, you must pay the rental fees.
  4. Rapid elasticity and scalability: since all computing resources are put together in a single place, all tenants can share the computing resources according to demand. You can consume more resources based on need and conversely.
  5. Measured service: I take my word back to compare cloud like a buffet. You pay for what you get. Even though you can serve yourself, you will be billed for the quantity of food you have on the plate. So is cloud. No free lunch. 

Benefits of cloud for your business 

Right off the bat, you can deduce how you can take advantage of this service.

  1. Cost savings: going forward, you need not bother about going to computer village to assembly some cheap computer that requires power that is not steady, nor buy antivirus that keeps disrupting your business. Just visit a cloud service provider, and shop till you drop. Maintenance cost… ZERO! Not really. You’ll have to pay for annual subscription fees though.
  2. Mobility: now you can access your products and services from the comfort of your house. While you are travelling, you can simply connect to your internet and see how your business is faring. Valid use of time. See!
  3. Data Security: are you concerned that if you lose your laptop, so much company data will be lost? Worry no more. Cloud services to the rescue. Store business information in the cloud and get it whenever and wherever.
  4.  Flexibility: now that you have outsourced your IT processes, you can focus better on your core business and take advantage of market share. Cloud computing gives you opportunity to suit your products to your customer needs and gives them super rich and reaching experiences.
  5. Disaster recovery:  less likely will your customer ever complain that your services are not reachable like one Nigerian bank we know. This is because most cloud service providers have multiple places, where they store your data and you can get it back anytime like your bank account balance. 

Risks that you should know

Unlike those medicines that are sold in danfo buses, cloud doesn’t solve ALL your IT problems. The bad guys are also working as hard as you to bring you down. Your competitors know that you use cloud and the secret to your success is only a button away. Therefore, you should look out for these things:

  1. Data breach/loss: since someone is responsible for managing your company data, they can do anything with it… or worse sell it. When this happens, people who shouldn’t have access to your company now know the secret things you do.
  2. Breach of privacy: a lot of your customer data is stored in computers in far far away lands. The government of that land can easily ask for the data and use it for whatever they want. Your customers won’t be very happy.
  3. Lack of autonomy and control: it is possible that accidents occur on your tenant (cloud rented space) or your neighbour’s and it affects you. It’s very likely and could happen.
  4. Legal risks: recently NITDA, the CBN of IT in Nigeria released a law that companies keeping personal records of their customers such as name, email, date of birth etc should do so securely. If that data is lost or accidentally found elsewhere, you go pay through your nose for the mishap. Sadly, it is not only Nigeria that is involved in this even the US, Canada, UK, EU and everywhere around the world.
  5. Availability risks: if God bless you with good internet, thank Him. Else, your customers with bad internet will complain your service is not good. It happens.
  6. Malware attacks: Anything on the internet is bound to suffer some level of virus infection. Even home and company computers suffer the same fate when careless employees or even you insert an infected USB and pass it on to others.

What can you do?

Cloud service providers won’t leave you to your fate, but you need to take full responsibility of the resources you buy from a cloud provider. Just like the food you serve at the buffet, you won’t allow just anyone to put their hands in your plate. Same way you need to ensure that your data remains safe and secure. Here is how:

  1. Education and Awareness: Read! Read!! Read!!! Read to understand what data you are putting on the cloud. Educate your staff that if a breach happens due to carelessness, they will not have salary for the month or even ever. Teach everyone in your company that they are likely targets of hackers and teach how to post SAFELY on social media like Twitter, Facebook or Instagram as the walls have ears. Now they can even see too. Teach your employees to change their password as often as they change their toothbrush. Hopefully every 90 days. Document and test your staff on the knowledge of your company policies.
  2. Encrypt your data: as much as it is within your power and budget, tell your cloud services provider you’ll like to put your data in an unreadable format. You can even do it yourself if you’ve the skill. This is useful so that your company secret will be protected even when the data is lost or stolen.
  3. Malware Protection: Even though you don’t have to install an antivirus on the cloud, you can activate it with the click of a button. Tell your cloud service provider you want protection for your assets.
  4. Service Level Agreements: When you ask for the menu, the service provider will serve you the listed services and a legal document called an SLA (service level agreement). This document shows your roles and responsibilities and how to properly use the environment. If you suffer damage or loss on a cloud, the service provider can sue you with the legal agreement in court. So can you. Negotiate well. Read in between the lines before you sign.
  5. Data rights management (DRM): Remember that NITDA is looking at how you use and process personal data. If you default in the way you protect personal data, NITDA will hit you with penalty fees using the National Data Protection Regulation (NDPR) depending on your offense. Use the policies on DRM that tell you where your data is, who is using it and when it was used. Most cloud service providers have this feature on their menu.
  6. Skills: Don’t be cheap. Train your staff in information security or get a specialist like me… I can consult for you for chikini (little) money. You may note that security is a journey and all your employees need to be aware even supplies and customers.
  7. Collaborate: It pays to share as a problem shared is a problem half-solved. You will have companies who have suffered the same fate and will be willing to share how they overcame.
  8. Incidence response: Have it at the back of the mind that you will be hacked. It is not if but when.  Plan for it. Share the plan with all your concerned people in your business. Conduct a fake demonstration often and measure how prepared you are when such bad times happen. 

Conclusion

Nigerian companies can do well if they take proactive measures to remain secure on the cloud. With cloud, they can enjoy higher levels of productivity, better competitive advantage through custom products and services. Employers should watch out for total cost of ownership as cloud may not be cheap in the long run. Education remains key to remaining safe and humans, not technology, are the greatest weaknesses in information security.

About Author

Kyuka is the definition of Philomath… a lover of learning. Curious as can be and love breaking things down… so long it makes sense. He believes that life will be better if humanity is treated as priority.

You can contact him at [email protected].

 

Total
0
Shares
Prev
Darknet: Source of Actionable Intelligence
darknetcybersecfill

Darknet: Source of Actionable Intelligence

About The DarkNet – A little History The darknet didn’t make so much sense

Next
Towards a Safer Internet: Protecting Children Online

Towards a Safer Internet: Protecting Children Online

Introduction The purpose of the Safer Internet Day is to raise awareness about

You May Also Like