Enterprises are increasingly turning to the cloud for cost-effective data storage, but as the recent Equifax breach makes clear, data protection is still a critical topic for IT teams. While the cloud offers relief from daily backups and investment in servers for data storage, enterprises should not assume their data is safe.
Protecting customer information is critical, but so is the safeguarding of other corporate information assets, such as pricing information and sales history. Customer financial information needs safeguarding, and enterprises in the financial and healthcare industries must use additional caution to protect client assets. In the case of healthcare, prioritizing the regulations associated with the Health Insurance Portability and Accountability Act (HIPAA) is critical.
The EU has put some regulations in place for requiring enterprises to protect the data of consumers, but in the U.S., data protection is largely driven by self-governance, as well as the assurance that consumers will abandon a company that experiences a major security breach.
Best Practices for Data Protection
Evaluate the best options between public cloud, private cloud, and hybrid cloud solutions. The best and most secure option for data storage and protection may be different between these alternatives depending on the type of data being discussed. It’s possible that an enterprise will need to use a combination of cloud solutions for the different types of data they need to protect.
Fully examine the security history of the service provider, as well as the storage platform itself. You need to know what the service provider’s security recovery plan is, and whether they’ve had to execute it in the past. Don’t only look at the vendor, but examine the reputation of the software they use.
Use two-factor authentication. Look for a cloud service provider that offers this, because even if a hacker has access to passwords, they won’t be able to get past the second step.
Utilize third-party encryption when data is being moved. The cloud service provider will protect data once it’s on their server, but use encryption from a third-party as a data protection safeguard.
Get creative with challenge questions. Using standard challenge questions makes it too easy for hackers. Instead, staff members can choose from a custom set of challenge questions, or they can be encouraged to use nonsense answers for standard questions.
Have a plan for devices. If you have a bring your own device (BYOD) policy, be sure there’s a plan in place for controlling the risk of security breach. From time-outs to policies that regulate how data is wiped when an employee parts ways with the enterprise, there must be a plan in place.
At TeleConsult, our expertise in communications technologies along with our diverse experience with multiple carrier products means that we bring a depth of telecommunications capabilities to our clients. Contact us for an initial appointment to discuss a data protection plan appropriate for enterprise security.