Cloud Computing Best Practices
We've provided some general information below about cloud computing. At RIT, information handling requirements (including the use of non-RIT servers for storage) are articulated in the Information Access and Protection Standard. Refer to the standard for more information about storage restrictions based on information classification.
There are certainly some benefits to cloud computing, but the practice of saving content on the Internet is facing more scrutiny than ever. While there is no silver bullet solution to securing your cloud service, understanding how you can protect yourself is the best way to keep your information private.
- Keep up to date with the latest cloud security developments. Because cloud computing is constantly evolving and adapting to new security threats, you need to upgrade your security as often as possible. As this article states, “hackers target vulnerable operating systems that don't have properly applied patches.”
- Add file caching capability to your computer. Consider local caching of your files on your computer as a backup for your cloud service. Cloud computing is perfect for sharing team files, but the network can go down and bring project progress to a standstill. Having your files to work off of, even if they aren’t perfectly synced, is an essential backup if you want to continue working. This is also convenient if you encounter a security breach, because it allows you to find any changes or deletions in your files.
- Don’t just rely on cloud computing. If it’s not maintained by you, there is never a guarantee that your information will be there. When Megaupload was taken down by the FBI, many users found that they lost all of their own data as part of that effort to stop the distribution of copyrighted materials. Cloud Service Providers (CSPs) sometimes recommend that you store your data with several cloud services, which is more costly due to subscription costs and is less effective than hosting your own backup system. Most CSPs save your information in one place, so you would be buying multiple services that depend upon a single source.
- Know which programs or services you use that are supported by cloud service providers. This allows you to keep better track of what information you could potentially lose or have stolen in the event of a CSP security breach. This knowledge can be critical to protecting your private information; if you’re not aware of what is available, you may become an unsuspecting victim.
- Be aware that your system can easily be transferred to another server in the CSP’s network. Although this is a major advantage of cloud computing, if you deal with sensitive or classified information it is better at this point in cloud service development to work exclusively with more secure in-house systems.
- Keep up to date on any infrastructure or policy changes for your CSP. Having a good relationship with your CSP is important, to ensure that you know when they change how they handle and secure your information. Although you may not be able to access security information in the same way you could on an internal system, understanding how your information is saved and monitored could quickly alert you to a problem.
- Compare encryption standards between various CSP’s. Look for an Advanced Encryption Standard (AES) since it’s the best standard currently available to secure your data. An SAS 70 Type II datacenter is also widely acknowledged as a very secure physical housing of information. Having access to a CSP with both of these systems will help secure your information a bit better.
To learn more about cloud computing: