Subscribe

Cloud security tips for SMEs

By Sven Woxholt, technical director at Sage Pay


Johannesburg, 05 Sep 2014

Information security is top of mind for SMEs as they rely more and more on digital services and applications to get their work done. Many are turning towards cloud services to reduce IT infrastructure costs and to turn patching applications, securing data and running servers into someone else's problem.

While it is true that a good IT cloud service provider will host its applications in a far more secure environment than most SMEs could afford themselves, relying on the cloud does not let you completely off the hook when it comes to securing your data.

In this case, I'll be talking mostly about public cloud services - applications that you buy and use as a service across the public Internet, rather than managing and hosting in your own server room, says Sven Woxholt, technical director at Sage Pay. Let's consider two elements of cloud security you should be thinking of as an SME: what your service provider should be doing to protect your data and what you should be doing.

Choosing the right provider

When you're selecting a service provider, you should look for a company that has put a range of processes and policies in place to secure its infrastructure and data from information security risks. Luckily, the data centres at most reputable Internet service providers keep these basics covered because it's their core business to do so.

Some examples of the things your service provider should do to protect its infrastructure (and your data) include the following:

* It should have multi-layered networks, good firewalls and a vast amount of bandwidth so that it can cope with attempted denial of service (DOS) attacks.
* It should also have processes and policies in place to keep all server, application and network software up to date so that it protects itself from known vulnerabilities.
* There should be strict access controls - physical and digital - so that only authorised people have access to the data, applications and infrastructure in the data centre.
* It should conduct regular vulnerability scanning and penetration.
* The applications should be designed with best practice in mind.

How you should keep your data safe

If you are a user of cloud services, it is important to remember that you are accessing this resource through a public network. You probably only have one way to authenticate yourself and that is with a username and password.

As such, you should ensure you have a strong password that is difficult to guess, but easy for you to remember. It is just as important to change your password periodically. You must also take care not to let your password fall into the wrong hands.

You should not have this information in an easily accessible file on your computer, nor should you write it on a sticky note that you paste on your screen where everyone can see it. In addition, you should run good anti-virus and anti-malware software. It may seem that these are the same thing, but they are not. Make sure they are reputable and have the latest updates and definitions installed.

The next important factor is how you communicate with the cloud. This should always be with a certificate in place. The certificate should be valid for the appropriate vendor of the service, should not be expired, and must be issued by a reputable certificate company.

Lastly, make sure the product you are using is being offered by a reputable vendor and that when you are accessing this product, you are actually communicating with that vendor. Be wary of phishing scams and other techniques hackers use to access cloud traffic.

Closing words

Provided you partner with the right service provider, using cloud applications will take care of many of the security challenges you'd face running your applications in-house and on your own servers. However, you should also take care to access the PCs and networks in your own workforce that you will use to access software from your service providers.

Share

Sage Pay

Sage Pay (previously Sage Netcash) provides payment solutions to small and medium-sized companies in South Africa. Salary and creditor payments, debit order collections or credit card gateway transactions are processed from one online account. Competitive transaction fees, and an easy-to-use online platform, allows business owners to manage their business transactions from anywhere at any time. A full range of credit check and risk management services are also available from the Sage Pay account.

Sage South Africa

The Sage Group is a leading global provider of business management software to small and medium sized companies, creating greater freedom for them to succeed. Sage understands how and why each business is unique. It provides products and services that suit varying needs, are a pleasure to use and are secure and efficient. Formed in 1981, Sage was floated on the London Stock Exchange in 1989 and entered the FTSE 100 in 1999. Sage has over 6 million customers and more than 13 500 employees in 24 countries covering the UK & Ireland, mainland Europe, North America, South Africa, Australia, Asia and Brazil. For further information, please visit www.sagesouthafrica.co.za and www.sage.com.

Editorial contacts