BW Businessworld

Six Best Practices to Ensure the Best Cloud Security



Employees today use numerous cloud apps in the course of their work, which involves moving data and workloads between the cloud, on-premise endpoints and third parties. The safety of data is therefore a constant worry for most organizations across industries, particularly when it comes to public cloud, because they lack visibility into the exact physical location of their data. However, the reality is that cloud service providers have far more robust security capabilities than individual organizations can afford.

Cloud infrastructure is generally more secure than on-premise, and there are a couple of reasons for this. Firstly, given the scale at which cloud providers operate, their ability to compile top-notch data that can provide important insights on threats is unmatched. Most cloud providers have already upped their security game, primarily by investing in best-in-class technologies. For example, they have tools that secure data using access controls to decide who gets access to which data; one can go down to the application level and implement policies and protocols specifically to protect data that is sensitive or confidential.

However, even with the best of cloud platforms, the ultimate liability for ensuring safety lies with the organization, not the service provider.

Ensuring Cloud Security

Here are the top six things that organizations need to do to ensure that their data and applications are secure:

  1. Access controls: While cloud platform providers can provide the right tools, it is up to the organization to put the right access controls and rules in place to ensure that its data is safe. For example, in cases of social engineering or insider theft, only the right policies can help ensure the safety of data. Access control settings must be aligned with each employee’s job function so that the person can perform their role efficiently but has little scope to misuse the data.

  2. Pay attention to the geographical location of your data: Countries around the world are emphasizing data storage on local servers, as they feel they need control over data originating from within their national boundaries in order to ensure national safety and prevent crime. At the same time, this hinders global trade due to a lack of reusability and interoperability.

Note that data security is more a function of security processes than of geographical location. International cloud system providers usually have robust security accreditations and access to global databases of fraudulent practices and patterns that they can use to make their ‘local data’ safer. Enterprises, on the other hand, must ensure that they consider the local privacy policies and templates on the cloud and have the relevant security and audit controls on data that moves from a shared international platform to a local cloud.

  3. Security policies in line with industry: Cloud providers provide the necessary tools and security options to help frame robust security policies to protect an organization’s data. An organization’s security requirements are driven by various factors such as the industry it belongs to, the country it is located in and the type of data it works with. For instance, the security needs of a pharmaceutical company will vary widely from those of a retail organization. Even within an organization, different types of data require different degrees of security. It is essential to ensure that you have the right security policies for your industry and your business requirements.

  4. Ensure watertight contracts: In case of any data breach, the liability always lies with the organization, rather than the cloud provider. Therefore, it becomes essential to ensure that the contracts are well defined and have penalty clauses that can be invoked in the event of any breach.

  5. Pay special attention to multi-cloud environments: Security can sometimes become tricky in multi-cloud environments where the data resides on different platforms. In such an event, organizations must ensure that there is a policy engine that controls policies based on the data itself rather than the platform where it resides.

  6. Securing data in transit and at rest: An organization needs to protect data whether it is residing on a hard drive, flash drive, laptop or desktop, or moving from one device to another or from one network to another. For hackers, it is the value of the data, whether at rest or in transit, that lures them to commit a crime. The security team must classify the data that they want to protect in order to strategize on the appropriate data protection measures. Data encryption is the primary tool used to secure both types of data.

A proactive approach bolstered with context-aware security protocols is the best way to protect your data in whichever state it is in.
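A sketch of the multi-cloud policy engine and the data classification step described above, as an added example (not from the original article or any cloud provider's API): rules are keyed on the data's classification, so the same checks apply on whichever platform the data sits. The classification labels, region codes and inventory are constructed for illustration.

```python
from dataclasses import dataclass

# Rules keyed on data classification, never on the hosting platform.
# Labels, required controls and region codes are assumptions for illustration.
POLICY = {
    "public":       {"at_rest": False, "in_transit": True, "regions": None},
    "internal":     {"at_rest": True,  "in_transit": True, "regions": None},
    "confidential": {"at_rest": True,  "in_transit": True, "regions": {"in"}},
}

@dataclass
class Asset:
    name: str
    platform: str            # recorded for reporting only; not used by any rule
    classification: str
    region: str
    encrypted_at_rest: bool
    tls_only: bool

def violations(asset):
    """Return the list of policy violations for one data asset."""
    rule = POLICY.get(asset.classification)
    if rule is None:
        # Data that was never classified cannot be protected appropriately.
        return ["unclassified data: no policy applies"]
    found = []
    if rule["at_rest"] and not asset.encrypted_at_rest:
        found.append("not encrypted at rest")
    if rule["in_transit"] and not asset.tls_only:
        found.append("plaintext transport allowed")
    if rule["regions"] is not None and asset.region not in rule["regions"]:
        found.append(f"stored in {asset.region}, outside allowed regions")
    return found

def audit(assets):
    """Map asset name -> violations, for assets that have any."""
    report = {}
    for asset in assets:
        found = violations(asset)
        if found:
            report[asset.name] = found
    return report

# Constructed inventory spanning two clouds and one on-premise store.
INVENTORY = [
    Asset("patient-records", "cloud-a", "confidential", "in", True, True),
    Asset("patient-records-replica", "cloud-b", "confidential", "us", True, False),
    Asset("press-kit", "cloud-b", "public", "us", False, True),
    Asset("legacy-export", "on-prem", "", "in", False, True),
]
```

Running `audit(INVENTORY)` flags the replica on the second cloud and the unclassified export, while the same confidential data on the first cloud passes.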

Cloud platforms, the underlying infrastructure and hosted applications are the critical components in the cloud ecosystem. Ensuring secure data storage and communications in the platform, infrastructure and applications is important for data security compliance.

The bottom line is that, irrespective of the cloud provider(s) your organization chooses, taking ownership of your data’s security and including security as part of the cloud strategy is highly recommended.

Disclaimer: The views expressed in the article above are those of the author and do not necessarily represent or reflect the views of this publishing house. Unless otherwise noted, the author is writing in his/her personal capacity. They are not intended and should not be thought to represent official ideas, attitudes, or policies of any agency or institution.


Dinesh Rao

The author is Executive Vice President and Global Head - Enterprise Application Services, Infosys
