2014: The year the cloud struck back
I don’t know about you, but for me December came too soon. But despite its early arrival, I really like this time of year – and not just because Christmas vacation is right around the corner. I like December because it’s a great time to reflect.
One of the things I’ve been reflecting on recently is the explosion of the cloud market over the past 11 months. IDC recently forecasted that spending on cloud services will reach $56.6 billion by the end of the year – and is expected to double by 2018.
And it’s easy to see why. The cloud offers tremendous benefits over the traditional approach of providing infrastructure and running software in-house. But it’s not without its downsides.
This year, the downsides of the cloud explosion were clear:
- Too many people have access. From US Airways’ inadvertent pornographic tweet to DiGiorno’s ill-fated attempt to ride a hashtag, there’s now a clear need for stringent controls over who can access and utilize corporate cloud apps.
- Multiple passwords = dangerous passwords. The more passwords employees have to remember, the more likely they are to take shortcuts. Hackers used this tendency to raid corporate Dropbox accounts and steal nude celebrity selfies.
- The cloud’s fragility was exposed. Heartbleed and POODLE underscored the new reality: anything that’s online can be hacked. This means businesses not only have to evaluate provider security, they must also evaluate how those providers respond to crises.
- Your phones are at risk, too. After falling victim to “premium rate service fraud,” one architecture firm was hit with a $166,000 bill over a single weekend. In 2013, phone hacking cost businesses nearly $5 billion. The lesson: Be just as cautious about connecting phones to the Internet as you are about computers.
Keep your business’ name out of the headlines
If these headlines scare you – they should. Luckily, many of these incidents can be avoided by making a few simple changes. Here are some tips to help ensure your business doesn’t make headlines in the coming year.
- Implement rigorous access management processes. To successfully manage user access during employment – and even after an employee leaves – your business should have a series of processes and best practices in place.
- Promote strong password policies with single sign-on. A single sign-on solution helps support strong password policies by giving users a single point of entry for all their web applications. This helps eliminate the temptation for users to take password shortcuts that can introduce security holes.
- Put your provider to the test. If disaster strikes, you want to know your provider has your back. To help ensure your company is protected, create a litmus test for your service provider. A few elements to consider: response time, method of communication, transparency, policy disclosure and the sharing of best practices.
- Make sure your provider has protections in place. Phone scams are more common than you think – and can be costly to your business. Make sure your provider can ensure your phones and bills are protected. Do they block high-risk areas like Nigeria, Congo and Serbia? Do they configure calling thresholds? Or create network alarms? These are just a few questions you’ll want to ask your provider.