HR Pulse




Menu Style


Cloud security tips for SMEs

Sven Woxholt

Information security is top of mind for SMEs as these rely increasingly on digital services and applications to get their work done. Many are turning towards cloud services to reduce IT infrastructure costs and to turn patching applications, securing data and running servers into someone else's problem.

While it's true that a good IT cloud service provider will host its applications in a far more secure environment than most SMEs could afford themselves - relying on the cloud doesn't let you off the hook when it comes to securing your data.

In this case, I'll be talking mostly about public cloud services - applications that you buy and use as a service across the public Internet rather than managing and hosting them in your own server room. Let's consider two elements of cloud security you should be thinking of as an SME:

  • What your service provider should be doing to protect your data, and
  • What you should be doing?

Choosing the right provider

When you're selecting a service provider, you should look for a company that has put a range of processes and policies in place to secure its infrastructure and data from information security risks. Luckily, the data centres at most reputable Internet service providers keep these basics covered because it's their core business to do so.

Some examples of the things your service provider should do to protect its infrastructure (and your data) include the following:

  • It should have multi-layered networks, good firewalls and a vast amount of bandwidth so that it can cope with attempted denial of service (DoS) attacks.
  • It should also have processes and policies in place to keep all server, application and network software up to date so that it protects itself from known vulnerabilities.
  • There should be strict access controls – physical and digital – so that only authorised people have access to the data, applications and infrastructure in the data centre.
  • It should conduct regular vulnerability scanning and penetration.
  • The applications should be designed with best practice in mind.

How to keep your data safe

If you are a user of cloud services, it is important to remember that you are accessing this resource through a public network. You probably only have one way to authenticate yourself and that is with a username and password.

As such, you should ensure you have a strong password that is difficult to guess but easy for you to remember. It is just as important to change your password periodically. You must also take care not to let your password fall into the wrong hands.

You shouldn't have this information in an easily accessible file on your computer, nor should you write it on a sticky note that you paste on your screen where everyone can see it. In addition, you should run good antivirus and antimalware software. It may seem that these are the same thing, but they are not. Make sure they are reputable and have the latest updates and definitions installed.

The next important factor is how you communicate with the cloud

This should always be with a certificate in place. The certificate should be valid for the appropriate vendor of the service, shouldn't be expired, and must be issued by a reputable certificate company.

Lastly, make sure that the product you are using is being offered by a reputable vendor and that when you are accessing this product, you are actually communicating with that vendor. Be wary of phishing scams and other techniques hackers use to access cloud traffic.

Provided you partner with the right service provider, using cloud applications will take care of many of the security challenges you'd face running your applications in house and on your own servers. However, you should also take care to access the PCs and networks in your own workforce that you will use to access software from your service providers.

Sven Woxholt

In his role as technical director, Sven is responsible for the technical infrastructure and development of the Sage Pay (formerly Softline Netcash) system in the Sage Group. His key focus is directing his team in the research and development of transactional services offered by Sage Pay.

Sven brings extensive experience in the IT and financial sectors and in-depth knowledge in the fields of internet based business solutions and transactional services.  He is the co-founding partner of Sage Pay (formerly Softline Netcash) which was established in 2002.