Is your cloud safe? Use this cloud security checklist to find out
Migrating to the cloud is a rather complicated process and often involves a different set of data security concerns than an on-premises environment. The security measures normally provided by cloud service providers may vary. However, there are some best practices that all organizations must follow to ensure that their data is protected in the cloud.
If you're using a cloud platform, we recommend taking a look at our security checklist. The implementation of checklist items may vary depending on your needs, but the principles remain the same regardless of how they are implemented.
All points in the list are evaluated using the example of ONLYOFFICE Workspace Cloud, a cloud collaboration platform that provides a set of tools to manage all business processes.
1. Comply with the corresponding regulations
Compliance with legislation is a very serious issue that needs to be understood quite thoroughly, as compliance failures can lead to regulatory fines, lawsuits, cybersecurity incidents and reputational damage.
Among all the laws and regulations that control the processing of European citizens' data, the General Data Protection Regulation (GDPR) plays the most important role. With the GDPR, Europe is signaling its firm stance on data privacy and security at a time when more people trust their personal data to cloud services and breaches are a daily occurrence.
The regulation itself is comprehensive and far-reaching, making GDPR compliance a daunting prospect, especially for small and medium-sized enterprises (SMEs). All cloud service providers must comply with GDPR requirements.
What does ONLYOFFICE offer: The ONLYOFFICE cloud service is fully GDPR compliant. ONLYOFFICE practices minimalism and collects only the data absolutely necessary for the fulfillment of its functions. The data of its users is used only legally and transparently and its full protection is guaranteed in accordance with European legislation.
2. Take advantage of Open Source
Under the open source model, the source code of a piece of software is publicly accessible and can be redistributed and modified by a community of developers. This model is very popular today as open source projects adopt such values as collaboration and transparency, to the mutual benefit of software and its users.
This commitment to the community pushes developers to constantly contribute new features and ensure that old ones work properly. As a result, popular open source projects are often at the forefront of technology. Open information exchange is essential for open source projects and allows them to be more profitable, flexible and secure.
What does ONLYOFFICE offer: The source code for all ONLYOFFICE solutions is available on GitHub. Everyone can review it at any time to ensure that all features work properly and that there are no critical errors and no backdoors.
3. Enable two-factor authentication and control tools
Two-factor authentication (2FA) adds an additional layer of security to passwords. This process is done to better protect both the user's credentials and the resources they can access. Two-factor authentication methods are based on the user providing a password, as well as a second factor, usually a security token.
Two-factor authentication adds an additional layer of security to the authentication process, making it difficult for attackers to access someone's devices or accounts, since knowing only the victim's password is not enough to pass the authentication check.
What does ONLYOFFICE offer: ONLYOFFICE users can enable two-factor authentication via SMS (Clickatell, SMSC and Twilio) or a third-party authentication application (Google Authenticator, Authy, etc.). Administrators can also track user logins and control their activities.
4. Manage access permissions
Another effective practice is the management of access permissions. When effectively implemented, it reduces the risk of information being accessed illegally or without proper authorization, as well as the risk of a data breach.
It is not uncommon for access to information to be too restrictive, resulting in information silos. While it is obvious that we need to focus on security and privacy to protect company information and comply with the obligations of data protection legislation, there must also be a balance with accessibility.
What does ONLYOFFICE offer: Users in ONLYOFFICE can easily be grouped and ranked. Access rights to modules and portal data are established for each user or group in order to protect specific data from unwanted attention and from the actions of intruders. In addition, JWT protection is enabled by default in ONLYOFFICE to ensure that users are unable to access more data than allowed.
5. Make backups
Data loss is the worst nightmare for an organization. Data loss in the cloud can occur as a result of a server crash, deleted email, virus or human error. That's why it's important to create backups.
Deploying data backup to the cloud can help strengthen an organization's data protection strategy without increasing the workload of information technology (IT) staff. The labor savings can be significant and sufficient to offset some of the additional costs associated with cloud backup.
What does ONLYOFFICE offer: Your data can be backed up either manually or automatically to the ONLYOFFICE Docs module, a storage of your choice (DropBox, Box, Google Drive, OneDrive, etc.) or a third-party service (AWS S3, Google Cloud Storage, Rackspace Cloud Storage or Selectel Cloud Storage). A local drive of your own is offered as an option to perform a temporary manual backup, if necessary.
6. Encrypt the data
Encryption in the cloud is necessary because its main purpose is to secure and protect sensitive information while it is transmitted over the Internet and other computer systems.
In addition, encryption is not only used to protect data and confidentiality. Digital data is meant to be transmitted, and encryption is necessary to carry out that transmission securely. Users want to be sure that their information is secure when it is transferred to another user, and that the recipient is the person they intend to send the data to and not a malicious attacker.
What does ONLYOFFICE offer: All files stored in the ONLYOFFICE cloud are encrypted using 256-bit AES encryption, and access to the ONLYOFFICE portal is provided over HTTPS (the HTTP protocol with SSL, Secure Sockets Layer). In addition, the VIP plan offers encrypted editing and collaboration on documents in the Private Rooms. A Private Room is a protected place where all information is automatically encrypted using the AES-256 algorithm, without the need to memorize and enter passwords.
Cloud solutions have revolutionized the business and technology environment. The growing reliance on cloud services for the storage and management of sensitive data is a sufficient motivation for malicious attackers. Therefore, all businesses and users need to know and follow the best practices for cloud security on this checklist to properly protect their sensitive information. Do you want to check how a secure cloud office works? Sign up now for free.