ThirdSpace ThirdSpace
ThirdSpace
Close 0 Reset Search Run Search What are you looking for? Type at least three characters to search. Filter Search Results
  • All Content
  • Blog
  • Case Studies
  • Event
  • Resources
  • News
  • Careers
  • Access Centre
  • Technologies
  • Workshops
  • Solutions
  • People
Load more
24 August 2017

Data security in the cloud: Key steps to protecting your information

David Guest

Are you keen to fully migrate to the cloud and offer your workforce more productive mobile working opportunities?

But are you held back by concerns about data security?

You’re certainly not alone.

With employees largely unaware of best practice for using unsecured SaaS apps, and compliance requirements becoming more urgent by the day in the build-up to GDPR, many organisations are understandably extra conscious of the need to protect themselves.

Fortunately, it’s now easier than ever to safely enjoy the many benefits of cloud-based data storage without having to fret over those commonly exaggerated security risks.

 

Four steps to securing your data

Of course, with no cloud security strategy and none of the necessary measures in place, your corporate data will be left exposed. But if the right processes, policies and controls are established, this doesn’t have to be the case.

1. Require multi-factor authentication (MFA)

Multi-factor authentication (MFA) is now being offered as part of the service provided by most cloud providers. Much more secure than the traditional username-and-password authentication method, MFA combines something you know (password) with something you own (mobile phone) or have (biometric).

If a cybercriminal is to gain access to your password, it is extremely unlikely that they’ll also have access to your mobile phone. With a significant number of accounts guarded by duplicate passwords (73% to be exact), MFA can remove any associated risks.

2. Set appropriate security policies

One of the biggest concerns organisations will have when moving data to the cloud is the greater number of unrecognised devices and locations it can be accessed from.

One way this issue can be resolved is with Cloud App Security (CAS). Offering comprehensive risk reporting on who’s accessing data and where from, CAS will allow you to set up a range of security policies which filter suspicious activity and block access from untrusted IP addresses.

CAS also allows you to classify and categorise apps and data according to type and risk level, making it easier to ensure you apply the appropriate data protection policy in each case.

3. Establish conditional access rules

As technology innovates to meet evolving security demands, enterprises have more sophisticated options than ever before for granting and denying permissions to access data. Applying access controls to company data is one of the most effective ways of ensuring it can be easily accessed by employees and collaborators, without being exposed to malicious outsiders.

Azure’s recently expanded conditional access controls will specify which data has been accessed, based on recognised users, permitted locations, and compliant devices.

The platform also utilises machine learning to continuously monitor risk events in real time, identifying the point of access by IP address and time and prioritising alerts according to the evaluated level of risk.

4. Encrypt data at rest and in transit

Last but by no means least, it’s important to encrypt sensitive data. This must be done both when data is at rest (i.e. not actively moving between devices or networks), and when it is moving in transit from one location to another via a private network or the internet.

Although it’s sometimes thought that data is only exposed and at risk when in transit, it’s essential to protect it in both states. The two carry different risk profiles, but ultimately attackers will be just as motivated to breach valuable data stored on a hard-drive as that being sent from one network to another.

Next, watch our conditional access and MFA webinar on-demand and learn why these technologies are key to securing your organisation’s assets.

Or download ‘The business case for cyber security’ e-Guide for best practice on how to take a proactive and pre-emptive approach to tackling the issue.

You may also like...

Blog

Comprehensive security, privacy and compliance with Microsoft 365

Blog

5 simple ways you can help your users spot a phishing attack

Recent Blog Articles

View All
Author
David Guest
Solution Architect and Technology Evangelist
Learn More
Award-winning solutions Award-winning solutions

Eight-time winner of the Microsoft Partner of the Year Award for Identity Management, Enterprise Mobility, Security and Compliance.

ThirdSpace

Welcome to ThirdSpace, the new home (and new name) for Oxford Computer Group UK.

Oxford Computer Group UK officially rebranded as ThirdSpace in the UK on 16 October. This rebrand reflects our broadening identity and security solutions, as working practices extend from the office and home into working flexibly and collaboratively from anywhere – Your "ThirdSpace".

Continue to ThirdSpace
ThirdSpace Please upgrade your browser

You are seeing this because you are using a browser that is not supported. The ThirdSpace website is built using modern technology and standards. We recommend upgrading your browser with one of the following to properly view our website:

Windows Mac

Please note that this is not an exhaustive list of browsers. We also do not intend to recommend a particular manufacturer's browser over another's; only to suggest upgrading to a browser version that is compliant with current standards to give you the best and most secure browsing experience.