Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Raising awareness quickly: Avoiding problems in the cloud

Steve Ragan | Oct. 28, 2013
Rapid7 offers up tips on how to avoid common problems while using the cloud

Work with IT/Security: When you start to think about using a new service, bring the IT and security team into the process. We can work with you to identify potential options based on your needs and budget, and then we can vet the candidates for you. We know the questions to ask and what to look for to ensure you get all the benefits without a lot of extra risk.

Don't store information online without permission: When you use a cloud solution you may find that you start putting data in there as a matter of course. This is how you get value out of the solution, but have you considered what kind of data you're storing there? Or how the vendor is storing and protecting that data? We have a responsibility to keep that data safe, but a third-party vendor may not feel they share that responsibility. Check with IT and we will tell you whether it's safe to store information online.

Don't use personal cloud storage for work: It's very tempting; you use an online storage service for your media and documents at home. You already have an account set up, and you need to be able to access company information so you can work wherever you are. Using your personal account seems like an obvious solution, but it isn't. Ask IT for a solution and we will suggest some company-approved approaches and get you up and running.

Don't share permissions for company files: It's a standard practice to restrict who can access certain types of information in the company based on role. This helps keep the information safe. In the same way, you should check with a manager or IT before sharing access to files that are stored in the cloud.

Don't share passwords and other access credentials: It's very common for teams to share credentials for cloud services. This is an inherently insecure behavior and can encourage other equally insecure behavior such as emailing credentials, writing them down, or using very weak, easy to guess passwords. All of these activities increase the risk associated with using cloud services and should be avoided. Please familiarize yourself with our email on basic password hygiene if you have not already done so.

If you are considering a cloud purchase, or are already using some cloud services we may not know about, please do contact the IT team. And stay vigilant team!


Previous Page  1  2 

Sign up for CIO Asia eNewsletters.