
When It Comes to Adopting the Cloud, You've Got to Secure Company Data

Here are five important tips for tightening small-business cloud security in this threatening online world.

By Patrick Heim


Opinions expressed by Entrepreneur contributors are their own.


Whether you're starting a new business, or you have an established small- to medium-sized business, entrepreneurs today have a unique challenge as well as an opportunity when it comes to adopting the cloud. Before there was a wide array of cloud providers serving almost every business need, organizations regardless of size had to maintain IT departments or consultants and extensive physical infrastructure to run their businesses.


But the hidden downside to this approach wasn't just long-term cost -- it was security.

Securing your systems and data in today's threatening environment is complicated -- very complicated. It requires technical specialists and a complicated array of ever-changing security products. Monitoring, maintenance, policies, upgrades, patches, etc. are all hidden costs of maintaining your own IT infrastructure.

Even if a company has the financial resources, finding and retaining the skilled technical security talent necessary to succeed is exceedingly difficult. The number of skilled people hasn't scaled with the demand. Unfortunately, in the "run your own IT" model, all forces are stacked against SMBs succeeding in being able to secure their systems.

As the founder, how do you ensure all systems are secure? Not surprisingly, cloud companies help bend the economics of security. Organizations like Dropbox, Google, Microsoft, Salesforce, etc. all have amazing resources to secure their environments. Not only can they attract and retain the best and brightest by offering unique challenges at a massive scale, they also have the resources to build out comprehensive teams.

A good portion of security responsibilities is transferred to cloud providers. From a customer perspective, there are also no hidden costs. Security is something that is baked into a highly predictable subscription fee.

So let's assume that you embrace the cloud like many small companies already have. The question is: "How do I make it secure?" Here's some practical advice.

1. Choose wisely.

Although cloud services have the potential for being considerably more secure than on-premise solutions, not all are created equal. Test the commitment of the cloud provider to security by reviewing which certifications they have. A cloud provider that's strongly aligned with values of customer trust and security will generally have independently audited certifications such as ISO 27001/27018, AICPA SOC 1/2/3, Cloud Security Alliance STAR, PCI, etc.


Small business owners should review and trust these audit reports and not invest resources in conducting their own assessments. Other positive security indicators include security bug bounties, penetration tests, red teams and other third-party scrutiny that indicates that a cloud provider is going beyond the basics and truly committed to providing a hardened service.

2. Harden authentication with strong password management.

Contrary to popular advice, strong passwords are not the end-all to protecting an online account. Using the same password across multiple providers results in far more compromises than simply using weak passwords.

Consider enabling standards-based "SAML" single sign-on (there are cloud providers for this) and turning on two-factor authentication (2FA) wherever supported. Another great investment is a password management tool (e.g. 1Password, LastPass, etc.) that improves user experience while enabling highly complex and unique passwords for every application.

3. Accountability.

Every formally adopted cloud service needs to have someone who is accountable for managing it as an administrator, monitoring usage and controlling access. Many of the security mistakes we see at Dropbox are employers not revoking access from terminated employees or configuring only a single-administrator account and then having that individual leave. Make sure your de-provisioning processes are robust and timely, and that you have backups for all system administrators.
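One way to check for the two mistakes described above, as an added example that is not part of the original article: it cross-references an HR roster against per-service account exports and flags accounts that no longer map to an active employee, plus services with fewer than two active administrators. The roster, the export format, the `audit` function and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: an HR roster and per-service account exports.
HR_ROSTER = {
    "alice@example.com": "active",
    "bob@example.com": "terminated",
    "carol@example.com": "active",
}
SERVICE_ACCOUNTS = [
    # (service, account email, role)
    ("crm", "alice@example.com", "admin"),
    ("crm", "bob@example.com", "user"),
    ("payroll", "bob@example.com", "admin"),
    ("payroll", "carol@example.com", "user"),
    ("files", "alice@example.com", "admin"),
    ("files", "carol@example.com", "admin"),
    ("files", "dave@example.com", "user"),  # not in the roster at all
]


def audit(roster, accounts, min_admins=2):
    """Return (stale_accounts, under_administered_services).

    stale_accounts: accounts whose owner is not an active employee.
    under_administered_services: services with fewer than min_admins
    administrators who are still active employees.
    """
    stale = []
    active_admins = defaultdict(set)
    services = set()
    for service, email, role in accounts:
        services.add(service)
        status = roster.get(email.lower(), "unknown")
        if status != "active":
            # Terminated or unknown owner: access should be revoked or explained.
            stale.append((service, email, status))
        elif role == "admin":
            active_admins[service].add(email.lower())
    weak = sorted(s for s in services if len(active_admins[s]) < min_admins)
    return sorted(stale), weak


if __name__ == "__main__":
    stale, weak = audit(HR_ROSTER, SERVICE_ACCOUNTS)
    for service, email, status in stale:
        print(f"REVOKE? {service}: {email} ({status})")
    for service in weak:
        print(f"ADD BACKUP ADMIN: {service}")
```

An administrator who has been terminated is not counted as a backup, so a service whose only other admin has left is reported in both lists.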

4. Make it safe.

There are many cloud providers that enable business and individual productivity for your business. Those who provide core services such as customer relationship management, financial systems, human resources, payroll, etc. should be closely managed, and adoption of unapproved services needs to be controlled.

Conversely, a much more flexible attitude should be taken for cloud services that enable individual productivity, innovation, collaboration, etc. Your employees can be your best technology innovators, because they are continuously assessing and adopting new services that make them more efficient.

Figure out what these services are -- and wrap security around them. Implement security products that give you monitoring and control capabilities, and sign up for business-class versions of popular services that your employees already use and love. Cracking down by restricting access can have unexpected consequences.

5. Secure your endpoints.

Many intrusions happen because an individual is tricked into clicking on a link or running something. Security training is important, but even the most aware individuals can be phished. Implementing a comprehensive suite of security tools on every endpoint is essential for when the inevitable happens and a bad guy tries to run code on your employees' desktops or laptops.

In addition, I would advise that you turn on all available auto-update features for end-user operating systems and applications, and keep installed applications up to date. It is much more difficult for an attacker to compromise your company if everything is patched and up to date. You should measure and reward your teams for applying patches and updates as fast as possible.

This may feel like a lot of advice, but as I said in the beginning, it's complicated -- very complicated. Based on studying why companies have security compromises, I believe this list is a great starting point to dramatically drive down your company's risk.


Patrick Heim

Head of trust and security at Dropbox

Patrick Heim is the head of trust and security at Dropbox, where he manages security and compliance for both the company and its service. He joined Dropbox in January of 2015 with over 20 years of information security and technology experience. Previously, he served as chief trust officer at Salesforce.com, where he built and ran a world-class security team that contributed to making Salesforce one of the most trusted enterprise cloud vendors. Patrick also held chief information security officer positions at Kaiser Permanente and McKesson Corporation and senior positions at Ernst & Young and two early-stage security technology companies. Patrick advises security startups and serves on the board of directors at Cylance.
