Leveraging the Cloud to run some part of your business or product means you are inherently at risk for any security issue associated with the internet.  

A recent "New York Times" article revealed a sophisticated cyber-surveillance network, possibly originating with the Chinese government, which has infiltrated computers in 103 countries, including the United States. China, in particular, has both the capacity and the motive to carry out such an assault. 

It's difficult to say for sure but probably safe to assume that any state-sponsored cyber attacks are better organized, planned and funded than a typical script-kiddy with too much time on his hands.  Can we as businesses rely on the US government to help protect us from such attacks? If not, how do we defend against them? Are our traditional security measures enough?

Cloud computing is inherently attractive to small or start-up companies who don’t have lots of money to spend on infrastructure and support. Most internet based attacks are best addressed by internet infrastructure vendors who have the means and expertise to the job much more effectively. 

 

Employ sound, basic security principles such as:

 

-strong, frequently changing passwords 

-default-deny security policies

-keeping security patches up to date 

-system monitoring

-user training to minimize social engineering attacks

-a well-thought-out disaster recovery plan to name a few

 

As is the case with traditional, non-cyber crimes, the rest is best left to the professionals. Evaluate your exposure and verify your SaaS vendors commitment to security.  Don’t spend your precious resources guarding against something that’s impossible to prevent.  

 

To learn more about the Cloud or SaaS security you can join me at the next NYSIA Cloud Computing Industry Group or send me an email at Dmorrill@tgpassociates.com