28 cloud security tips to keep your data safe

A closeup of a backlit keyboard on a laptop.

In this piece:

A solid-bet cloud security strategy is a little like a diversified retirement savings plan: You need to deploy your security efforts across different tactics so that even if one approach doesn’t pay off, there are others offering a strong — but different — defense.

For organizations that keep proprietary or highly sensitive information in the cloud, keeping it safe and secure is imperative. You must be confident in the strength of your cloud strategy, so you’ve got to ask the right questions and act on best practices.

First things first: Are cloud services secure?

Are cloud services secure?

A well-vetted cloud strategy, in partnership with a reputable cloud provider, can offer security beyond traditional on-premises deployment. Cloud services are exceptionally secure when best practices such as these are followed:

  • Data centers are physically secured
  • Security updates are automatically and consistently released
  • Built-in security features are operating 24/7
  • Redundancy makes content available at any time, no matter what

No security professional should tell you the cloud — or any other defense — is 100% impenetrable. (If they do, take them off your consultation list.) Malicious actors, and even just careless employees, can threaten any security approach, including the cloud.

But as Gartner notes in Is the cloud secure?, “Exaggerated fears can result in lost opportunity and inappropriate spending.”

For organizations already using the cloud, there are cloud security tips to consider right now.

> Learn more | Cloud security infographic

Cloud security tips to act on immediately

Start with people and policies

  1. Enforce strong password security and single sign-on (SSO).
  2. Leverage multifactor identification that limits pre-authorized visitors.
  3. Adopt security training and annual policy reviews to keep every touch point engaged and alert.
  4. Enforce least-privilege access so nonessential parties can’t access data they don’t need.

Through 2025, 99% of cloud security failures will be the customer’s fault. CIOs can combat this by implementing and enforcing policies on cloud ownership, responsibility and risk acceptance.

$Gartner https://www.gartner.com/smarterwithgartner/is-the-cloud-secure$

Ensure physical cloud data center best practices

  1. Staff your data center with security personnel.
  2. Enforce access control lists.
  3. Use surveillance cameras, mantraps and/or biometrics to manage access.
  4. Verify your data center physically separates hardware from any other hosting it provides using separate cages and locking cabinets.

Plan for disaster contingencies

  1. Scale for uninterruptible power redundancy.
  2. Keep your fire suppression systems up to date.
  3. Consider distributing data centers geographically to ensure availability despite local conditions.

Demand constant network vigilance

  1. Verify your cloud provider constantly monitors network infrastructure components and services such as routing, switching and bandwidth.
  2. Assure certified engineers are available to resolve any issues according to your chosen service class.
  3. Operate automated network intrusion monitoring procedures 24/7.
  4. Stay up to date on automated perimeter defenses: Vulnerability and penetration testing, security information and event management, early denial of services (DoS) attack prevention and next-generation firewalls.

Keep data safe in transport

  1. Encrypt communications using up to AES-256 bit SSL v3 or TLS 1.0 and SSH.
  2. Ensure all content and operations are secure from any possible interference or interception en route.
  3. Create barriers between segments where security can be controlled and is an extension of the diversified security strategy.
  4. Encrypt data in transit so only encrypted data is allowed in and out of the environment.
  5. Enforce roles-based access.
  6. Limit the outbound traffic to known and approved channels and data types so malicious actors can’t siphon your sensitive information.

Cloud security also depends on application security

  1. Application users should automatically receive access to new versions or upgrades as soon as they are available. (However, cloud providers should never perform an upgrade without customer knowledge.)
  2. Request test environments to perform appropriate testing on new versions or any other aspect of the solution.
  3. Partner only with application builders whose development methodology prioritizes data security at every stage.
  4. Demand proper encryption key management, such as built-in encryption to the product or storage infrastructure, which are inaccessible to admins.
  5. Ask for robust logging so you have the ability to query/report data access.
  6. Separate host or network credentials. This helps keep proprietary enterprise data from other parties.

Look to compliance adherence for guidance

  1. In addition to quarterly audits by a third party, your cloud solution should be able to meet relevant regulatory demands. Here’s a starting list:
    • NIST
    • PCI
    • HIPAA
    • GDPR
    • FDIC
    • FINRA
    • GCIS
    • SOC 2 and 3
    • ISO 27001
    • TIA Tier 3 or 4 (or equivalent)
    • FFIEC
    • Customer-audit rights
    • Internal audit program
    • Cloud Security Alliance Registered

Questions to help you improve cloud security

As enterprises increasingly adopt cloud strategies, platform vendors are also diversifying their cloud offerings. Common solutions include:

  • Software as a service (SaaS)
  • Platform as a service (PaaS)
  • Infrastructure as a service (IaaS)
  • On-premises cloud, private or vendor clouds

When you’re questioning how to improve cloud security, here are some starter questions for your cloud partners or prospective vendors:

  • Where is my content stored?
  • Who is watching out for it, and how?
  • What type of network infrastructure is your host using?
  • What is the network intrusion monitoring policy?
  • Are all communications between clients and the cloud encrypted?
  • Are applications built with a security-first philosophy?
  • What is the penetration testing?
  • What regulatory standards does your cloud meet?
  • How often is the cloud audited?

Choosing the right cloud partner

Cloud technology has evolved dramatically, and today’s cloud providers can offer features and defenses many organizations would have a difficult time matching on their own.

Of course, not all clouds are equal, and some are optimized for specific purposes. This is especially true for content services platforms and process automation solutions because they touch so much sensitive data and so many critical systems.

Hyland, a leading provider of content services, offers cloud deployment on the Hyland Cloud and in expanded Amazon Web Services (AWS) infrastructure. This provides both the benefits of Hyland experts managing your content services solution and the scalability, reliability and security of AWS.

Learn more about cloud security tips in our guide, Defense in depth: Leveraging the cloud to reinforce critical layers of security.

In this piece:

Morgan Kent Molden is a writer and editor in the tech industry. She manages the Hyland blog and helps Hyland's team of experts talk all things content services. Morgan is based in the Des Moines, Iowa, area, where she and her husband raise three smart and curious daughters. Morgan coaches youth soccer and basketball.
Morgan Kent Molden

Morgan Kent Molden

Morgan Kent Molden is a writer and editor in the tech industry. She manages the Hyland blog and helps Hyland’s team of experts talk all things content services. Morgan is... read more about: Morgan Kent Molden