5 Experts Share Cloud Security Tips Brands Need to Know
This post is an excerpt from our Digital Growth Summit event in Sunnyvale.Here are the digital marketing experts who contributed to this blog:
Here are some key takeaways from the Best Practices for Cloud Security Tips Brands Need to Know panel:
There is no right or wrong answer when it comes to storing data on the cloud vs. on premise
No company is immune to security breaches, but you can take steps to minimize risk
Beware of fraudulent use of your brand name
You need to assess how secure your own system is compared to the cloud security of the vendor you’re considering and make the determination that way.
These include everything from making sure third-party providers who access your data have adequate security protection themselves to using common sense about opening emails from unknown parties.
Imposters are increasingly posing as known brands to get access to your customers. Check with your hosting provider to find out what protections they offer if this happens to you.
There is often a stigma associated with the cloud with older businesses such as banking and healthcare where they want to keep the data on premise. What are your thoughts on cloud vs. on premise? What is more secure?
It comes down to who can secure your data best. If an entity is mature and confident that they are going to have better security than whatever cloud vendor they are considering, then that’s great and they shouldn’t put that data in the cloud. Conversely, if the cloud vendor is able to secure it better and bring more resources to it than you are, then by all means put your data with the cloud vendor that is going to keep your data more secure. Companies are of all different sizes, maturities, and resource levels so look at where your company is in regards to security. The Cloud Security Alliance publishes a list of due diligence questions that you should be asking any cloud vendor. It is also important to realize that it’s not just the data in the cloud that is at risk. Endpoints and social engineering are often the targets or at the very least the beginning of the chain that leads to data breach. —Michael Machado
You need to ensure that your software is always up to date. —Ambuj Kumar
You also have to realize that your computers are not secure by design. You have to secure them. Most of the breaches that we see happen because someone finds a bug in the operating system and the vendors fix that, but the ID has not updated and the computer is still vulnerable. You need to ensure that your software is always up to date. —Ambuj Kumar
What are the questions that we should be asking the tool vendors available today such as Google Drive before integrate these tools with our own technology and data?
All of these communications should be encrypted, the data at rest and the data in motion. Meanwhile, you need to asses your own data and cloud security by asking, “What is talking to what, by what means, how often, and with what frequency?” You have to understand the data and the legality around the data to perform your own risk assessment. Database access monitoring and web application firewall technology can help address these parts of the problem. —Ryan Potter
How do breaches occur, and what do you do if it happens?
Phishing is one of the most popular breaching methods. –Michael Machado
Phishing is one of the most popular breaching methods. Sometimes you get an email or pop-up that might look like spam or it might look like something that you should open up. We like to think that we don’t fall for this, but the data shows that we do. We click on things and open things that lead to malware on our endpoints. You have to think about not only how encrypted or secure your own data is but also who has access to your data, because if they’re targeted, that puts you at risk too. —Michael Machado
Your company is only as good as its weakest link. If you bring in third-party provider to plug into your network to provide an added-value service, and their cloud security controls are not at the same levels as your security, then you have to treat that area as untrusted. —Ray Espinoza
Breaches can occur due to passwords that aren’t secure enough. –Ryan Potter
Breaches can also occur due to passwords that aren’t secure enough. A good answer is to use a password manager. They are very affordable, most have enforcement capabilities, and they have everything from the small, sole-proprietorship level to the enterprise solution that incorporates two factor authentication. —Ryan Potter
What do you do when someone is abusing your brand by impersonating your brand and sending phishing emails or tweets to your customers?
If someone is using your trademark, work with the hosting provider to reclaim or take down that site. –Ray Espinoza
Whatever mail services you are using to communicate with your customers, you want to make sure that your domain supports DMARC. DMARC essentially allows your customers to verify that emails are coming from you and not from an imposter. This can help prevent the random domain that is not really your domain from sending passwords that reference your domain and look and feel like your brand. —Michael Machado
If someone is using your trademark or your language, you can generally work with the hosting provider to reclaim that page or take down that site if it is a domain that you should own. —Ray Espinoza
Breaches happen everyday. –Jeff Marcoux
Breaches happen everyday. From a marketing perspective it is really important to ask what can we do as a brand, what is our role? –Jeff Marcoux