Because it’s International Cloud Security Day*, it’s exactly the right time to celebrate the sheer joyous variety of cloud security solutions out there, ready and waiting to keep your data, business, and people secure from All The Badness.
(*Technically, it’s April 3, but we like to be prepared. Also, EVERY day is Cloud Security Day at Ignition!)
When you work in the cloud, you gotta stay safe – we all know this. But when there’s, like, a metric ton of security solutions to choose from, where do you start? And who the jeepers can afford all of them at once?
So we locked our cloud security expert, Mitch, in the office supply closet and wouldn’t let him out until he told us a.) the eight best cloud security solutions for your business (yes, yours!), and b.) which order to deploy them, especially if you’re, ahem, financially embarrassed, so you get the most kapow! for your pennies.
Let’s do this.
Use the links below to jump ahead, even though you’ll miss out on all the other pearls of wisdom that we’ve gathered here for you as they fell from Mitch’s lips. It’s fine.
Do These First
Here are your first two steps to Total Cloud Confidence™ and – wait for it – one of them isn’t even particularly techy, because it’s all about culture. If your organizational culture sees data security as a stranger, if your attitudes are lax, or if your higher-ups prefer speed over safety, this is where you start.
1. Cloud Security Foundations: Culture And Structure
Any fancy cloud security solutions you buy ain’t worth squat until you’ve laid the foundations to get the organizational structure and culture right. Here’s how:
a.) Information Security Policies
Information security policies provide the framework for everything else your business does around security. They outline the who, what, when, where, how, and why of your operations. They say, “This is how we do things around here.” Information security policies are the best.
b.) Employee Awareness: Security Training And Phishing Simulations
Your people are your first line of defense against the cybernasties. And that’s why it’s important to train them to take security seriously, and to be able to behave and respond appropriately to a cyber attack, as well. To prevent some of the grossest security breaches, a dose of cyber bootcamp will increase your people’s awareness of social engineering schemes and show them how to spot warning signs in electronic communications. Phishing simulations can be super-effective at reducing your people’s vulnerability to pretty much zero. (#shamelessplug: we do this!)
2. Mobile Device Management
We bang on about this so much we just can’t even. That’s because mobile device management (MDM) is The Great Enabler. It’s grown gills, legs, and wings since those golden, old-school company device management days when we all used on-premises Microsoft Windows servers and one big group policy to manage homogenous fleets of Windows PCs. (Way back before we even had computer-phones.)
Now, MDM has the capability to control multi-platform devices, which makes it perfect to big up the safety for a motley mixture of devices, wherever they live in the world and whatever flavor they are.
MDM has become rich with features that aren’t limited to security, but as we’re specifically talking about security here, we won’t go down that wormhole. MDM enforces baseline security policies on company-owned devices, distributes security software and updates to them, and can remotely locate or erase them if the device goes AWOL. And that’s just for starters. And, of course, the fun thing about MDM is that you control all your devices from a single, centralized dashboard. Hopefully from the comfort of your sofa.
Do These Next
Once you’ve got policies, training, and MDM down, it’s time for some straightforward security configurations that’ll tighten up and lock down security even more firmly. And where do you find these configurations? In your information security policies, of course. Here’s your Do-These-Next menu of tasty treats:
3. Web Content Filtering
Here’s a way to protect your people from themselves. Web content filtering prevents your people from landing on web pages riddled with known malware or ransomware. And you can also use it to block inappropriate types of websites from your devices, like hate speech sites. Keep ‘em safe from all flavors of evil!
4. Email Security
No one wants a setup that makes their employees’ email addresses and identities easy to spoof. No one. That’s why it’s time to slap some cool acronyms like SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance) on your company domain to help prevent high levels of spoofability. These protocols also happen to be cheap and cheerful on the budget, too.
Your email provider might already have some built-in protections to help control malware, spam, and phishing emails. That’s a solid baseline, but it’s a smart idea to use a good third-party tool that leverages AI and other fun things like crowdsourcing and reputation scoring, as these aren’t always included in your provider’s package.
5. Endpoint Detection
Next on your shopping list is a heaping dollop of Endpoint Detection and Response (EDR). EDR is not your common-or-garden-variety antivirus tool, although it was developed from the old-style antivirus platforms. Decent EDR doesn’t just scan files against a known list of malware. Like the email security filters listed above, it leverages AI to analyze suspicious system behaviors, checks reputation scores from threat intelligence providers, and uses crowd-sourced reporting to provide faster and better threat detection.
6. BYOD Security
Using personal devices for business use? Bring Your Own Device (BYOD) is a thing that’s here to stay. Perhaps the Bosses where you work are glued to their phones to do their thing – this is a massive risk, especially given that people in high-level positions are the most valuable targets for scammers. Here’s where you check out your BYOD policy and tell everyone, “Yep, you can use your personal devices for work but they need to be compliant with these big, fat security measures. So there.” Enforce those security measures. Then keep corporate and personal data separate with some shiny Mobile Application Management (MAM). Sorted!
Now Do These
Kudos to you so far – but more exciting adventures await with these next two cloud security solutions. Maybe you’re thinking, “Hey, why haven’t they mentioned cloud single sign-on?” Well. We’re gonna, and here it is:
7. Cloud Single Sign-On
It’s good practice to make sure that only the right people have access to the right stuff at the right times. Access control is IT catnip to compliance officers because it’s super-effective at making sure this happens. And single sign-on (SSO) is where it’s at.
To deploy this champion of cloud security, you must first choose an identity provider (IdP) – such as Microsoft, Okta, or OneLogin – and then get your cloud services to use the IdP for single sign-on. This means your people just have One Account To Rule Them All – or rather, to access an entire super-sized menu of services instead of having to remember a ton of individual app URLs, usernames, and passwords – oh my! With SSO, you’ve got a strong front door that offers entry to all the apps and files in your cloud (library), and it also helps improve password management.
But hold on there, because it can get pricey. And it’s not because SSO innards are encrusted with diamonds, is it? Nope (sadly), it’s because some cloud services are just plain greedy and will charge you a premium to set up and enforce SSO. This is colloquially known as the “SSO tax.” Shall we name and shame? You bet!
8. Data Loss Prevention (DLP) Tools
DLP tools and processes help to prevent, er, data loss. It makes sure that sensitive data is not lost, misused, or accessed by unauthorized users. You’ll need to dip into your security policies (remember them?) for this, and you’ll (hopefully) find a backup and disaster recovery strategy to guide you.
The DLP tools you deploy will depend on the kinds of services you’re using. For example, if you’re into Chromebooks and store all your data in Google Drive, you won’t need a desktop backup solution, but you should consider backing up your Google Workspace data to a third-party cloud backup provider.
Preventing data leakage and unauthorized access is quite a bit trickier, and means fiddling about with tools that track data access, movement, and visibility. The cost of a DLP solution can be one of the pricier security measures, especially as it requires ongoing monitoring.
Cloud Security Solutions Are Fun And Important.
When you’ve invested in best-practice cloud security, not only are you better than your competitors, and also smugger, but you’re safer. That’s three things to be proud of. And no matter the size of your business or budget, there’s always stuff you can do to get to that best-practice stage. Let’s talk cloud security solutions, because it’s a great day for it. Call us.
Ignition is Silicon Valley’s best (and friendliest) IT security, compliance, and support team. Contact us now – chatting about IT support and cybersecurity is our favorite thing to do!