Just about every organization uses cloud applications in daily operations. Data backup, communications, file storage, and much more are now managed in the cloud. The biggest (and most troubling) misperception about cloud computing security is that perimeter-based technology works for securing cloud applications. Improve your cloud security operations with these five cloud application security best practices.

1. Don’t Ignore Due Diligence in Cloud App Selection & Sanctioning

SaaS infrastructure security is something that most of us take for granted. We’re so used to doing business in the cloud that we connect to tools and applications without thinking twice about potential security consequences. This cavalier approach to technology is causing information security teams a ton of grief. It’s also given rise to the term “Shadow IT”, which has expanded significantly with the use of unsanctioned, or “shadow”, cloud IT.

Every time a new application and/or platform is connected to your company’s cloud environment, a new risk is exposed. The 2018 “Data Risk in the Third-Party Ecosystem” study by Ponemon Institute reported that 59% of companies surveyed experienced a data breach caused by a vendor or third party. While SaaS vendors only make up a portion of that number, it’s a compelling and troubling trend.

As company vendor and third-party relationships expand and become more complex, it is critical for information security teams to manage which vendors are being granted access to their IT ecosystem. When it comes to SaaS applications hosted and accessed in the cloud, this task is impossible without the right set of cloud security tools. But having the right cloud monitoring tools in place is just part of the battle. Information security needs to be involved in helping teams do their due diligence in selecting vendors.

Here are six steps to safe SaaS app selection:

1. Know the source: Is the app offered by a reputable developer? Is that developer active in completing updates and patches?
2. Limit excessive permissions: What types of permissions is the app requesting, and does it really need those permissions for its intended purpose?
3. Be mindful of the app’s name: Camouflage is just about the oldest trick in the book. Criminals often create look-alike and sound-alike apps to trick people into downloading them.
4. In-app purchases: Does the app require credit card information for in-app purchases? Does it need to for its intended purpose?
5. Authentication & Encryption: How does the app handle authentication? What encryption methods are used for storing and accessing data? (This is likely something your team will have to help your colleagues out with.)
6. Read Reviews! Always read through the app’s reviews to understand what other people have experienced. Be wary of overly complimentary reviews, which could be faked.

2. Manage Access to Cloud Applications & User Behavior

Setting up and properly configuring Multi-Factor Authentication (MFA) and Single Sign On (SSO) is access management 101. If […]
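One way to automate steps 2 and 3 of the six-step app selection checklist above (excessive permissions and look-alike names), as an added example that is not from the original article. The app names, scope strings, high-risk scope set and similarity threshold are all hypothetical.

```python
import difflib
import unicodedata

# Constructed allowlist: sanctioned apps and the scopes each needs for its
# stated purpose. App names and scope strings are hypothetical.
SANCTIONED = {
    "DocuFlow": {"files.read"},
    "TeamCalendar": {"calendar.read", "calendar.write"},
}
# Scopes this example treats as high risk (assumption; tune per platform).
HIGH_RISK = {"mail.read", "mail.send", "files.write", "admin.directory"}

def normalize(name):
    """Fold case, strip accents and undo common digit-for-letter swaps."""
    folded = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    return folded.lower().translate(str.maketrans("013", "ole")).replace(" ", "")

def review_app(name, requested_scopes, threshold=0.85):
    """Return findings for one app connection request (empty list = no issue)."""
    requested = set(requested_scopes)
    if name in SANCTIONED:
        # Step 2: a sanctioned app asking for more than its approved purpose needs.
        extra = requested - SANCTIONED[name]
        return [f"excess scopes: {sorted(extra)}"] if extra else []
    findings = ["unsanctioned app: route to security review"]
    # Step 3: a name that normalizes close to a sanctioned app is a likely look-alike.
    for known in SANCTIONED:
        ratio = difflib.SequenceMatcher(None, normalize(name), normalize(known)).ratio()
        if ratio >= threshold:
            findings.append(f"name resembles sanctioned app {known!r}")
    risky = requested & HIGH_RISK
    if risky:
        findings.append(f"requests high-risk scopes: {sorted(risky)}")
    return findings

REQUESTS = [  # constructed sample connection requests
    ("DocuFlow", ["files.read"]),
    ("DocuFlow", ["files.read", "mail.send"]),
    ("D0cuFl0w", ["files.read", "files.write"]),
    ("PixelNotes", ["files.read"]),
]

if __name__ == "__main__":
    for app, scopes in REQUESTS:
        print(f"{app:12} {review_app(app, scopes) or 'ok'}")
```

In practice the request list would come from the identity provider's or SaaS platform's app-grant export, and the allowlist from the sanctioning process described in the article.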